January 25, 2008
Doctor Web notifies all users that the Win32.HLLW.Shadow.based polymorphic network worm also known as Net-Worm.Win32.Kido, W32.Downadup and Worm:Win32/Conficker is still running in the wild. By now several modifications of the malicious program have been discovered. Dr.Web anti-virus programs using latest virus definitions can cure the system of all modifications of the worm and prevent it from getting into the system.
Doctor Web has already issued a warning about the outbreak of Win32.HLLW.Shadow.based . The piece of news also described functionality of the polymorphic worm (some of its modifications can be detected by Dr.Web as Win32.HLLW.Autoruner.5555), its curing method and provided tips on how to avoid such infections in the future.
Virus analysts of Doctor Web have been adding curing procedures for all modifications of Win32.HLLW.Shadow.based to the virus database since it was discovered. Doctor Web recommend users of other anti-viruses to check if their virus definitions are up to date and make sure that they can visit www.drweb.com and _http://freedrweb.com_ without any problems which willmean that the system has not been compromised by the worm. If the last updating of a virus database has been performed twenty-four hours ago or earlier and the web-sites are inaccessible, the system may be infected by Win32.HLLW.Shadow.based.
If so do the following;
- Install latest Windows security updates:
- download Dr.Web CureIt! (http://freedrweb.com) that features latest virus definitions and perform the full scan of all disks;
- reboot the system;
- update the virus database of your anti-virus.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.