US-CERT warns of another variant of Conficker worm

The U.S. Computer Emergency Readiness Team (US-CERT) warns that researchers on April 9 discovered a new variant of the Conficker worm that updates earlier infections via its peer-to-peer network.

The worm, also known as W32.Downadup, is also resuming its scan-and-infect activity, searching for unpatched systems that can be exploited.
“With the discovery of a new variant, it is even more important for users to remain watchful in detecting the Conficker worm and thoroughly cleaning systems of these infections to prevent potential, future cyber events,” US-CERT warned.

Although Conficker/Downadup has infected upwards of an estimated 10 million computers, it so far does not appear to have been engaged in overt malevolent activity. Because the malicious code can be detected and removed, the number of currently infected computers is estimated at several million.

The most recent variant appears to download additional malicious code onto compromised systems, possibly including copies of the Waledac Trojan, a spam tool. This could indicate an interest in using a Conficker botnet for spamming. Waledac has previously spread via e-mail messages that contain malicious links.

The original W32.Downadup.A exploited only the MS08-067 vulnerability in Windows XP Service Pack 2 and Windows 2003 Service Pack 1 operating systems, for which Microsoft issued an unusual patch outside of its regular monthly patching cycle. The more recent .B variant has added password guessing and the ability to copy itself to USB drives to its capabilities, giving it a wider dissemination throughout a network once it is inside. The authors of the malware appear to be trying to gather low-hanging fruit in a network.

On April 1 a .C variant was scheduled to become active that would provide additional protection for the worm’s command and control network. The worm uses an algorithm to generate a pseudo-random list of domains for its command and control network, which its infected clients check daily for instructions. Symantec analysts who examined the new code said that the variant would use a new algorithm to determine what domains to contact. It went from generating 500 domains a day to 50,000 domains with the new algorithm. Because a command and control server can be a weak spot whose elimination can disable a botnet, this could make Conficker/Downadup more difficult to attack.

One of Conficker’s defenses is blocking access to sites providing detection and cleanup tools. This also makes it relatively easy to detect a possible infection. US-CERT advises that a simple test for the presence of Conficker/Downadup infection is to visit security solution Web sites.

http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
http://www.mcafee.com

“If a user is unable to reach any of these Web sites, it may indicate a Conficker/Downadup infection,” US-CERT says. “The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them. If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or unplugged from the Internet in the case for home users.”
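The reachability test US-CERT describes can be scripted. The following is an added example, not part of the US-CERT advisory or the original post: it looks up the hostnames from the URLs above plus a control hostname (`www.example.com`, an assumption) and assumes the worm's interference shows up as a failed name lookup.

```python
import socket

# Hostnames taken from the URLs listed above.
SECURITY_SITES = ["www.symantec.com", "www.microsoft.com", "www.mcafee.com"]
# Assumption: any unrelated, normally reachable hostname works as a control.
CONTROL_SITE = "www.example.com"


def system_resolver(host):
    """Return True if the operating system's resolver can look up host."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(resolver=system_resolver, sites=SECURITY_SITES, control=CONTROL_SITE):
    """Classify the result of the 'visit security sites' test.

    Returns (verdict, blocked), where blocked lists the security sites
    that failed to resolve.
    """
    blocked = [h for h in sites if not resolver(h)]
    if not blocked:
        return "no-indication", blocked
    if not resolver(control):
        # Nothing resolves: a general DNS or network fault, not selective blocking.
        return "no-connectivity", blocked
    # Security sites fail while an unrelated site resolves: the selective
    # interference US-CERT describes. Isolate the machine and run a removal tool.
    return "possible-conficker", blocked


if __name__ == "__main__":
    verdict, blocked = assess()
    print(verdict, blocked)
```

A "no-indication" result does not prove the machine is clean; it only means this one symptom is absent.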

Instructions and information on how to manually remove a Conficker/Downadup infection from a system have been published by several security vendors, which offer free tools to verify the presence of a Conficker/Downadup infection and remove the worm. They include:

Symantec: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
Microsoft: http://support.microsoft.com/kb/962007
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx


How to Manually Reset TCP/IP in Windows XP

This post is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, ask someone for computer help or contact support.

In Windows XP, a reset command is available in the IP context of the NetShell utility.

Follow these steps to use the reset command to reset TCP/IP manually:

1. To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
cmd
2. At the command prompt, copy and paste (or type) the following command and then press ENTER:
netsh int ip reset c:\resetlog.txt
Note If you do not want to specify a directory path for the log file, use the following command:
netsh int ip reset resetlog.txt

When you run the reset command, it rewrites two registry keys that are used by TCP/IP. This has the same result as removing and reinstalling the protocol. The reset command rewrites the following two registry keys:

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\

To run the manual command successfully, you must specify a file name for the log, in which the actions that netsh takes will be recorded. When you run the manual command, TCP/IP is reset and the actions that were taken are recorded in the log file.

The first example, c:\resetlog.txt, creates a path where the log will reside. The second example, resetlog.txt, creates the log file in the current directory. In either case, if the specified log file already exists, the new log will be appended to the end of the existing file.

How To Add and Enable Additional Languages in Windows

By default, the Windows operating system supports English (US). You can add additional languages to the operating system. This post describes how to add and enable support for additional languages on a computer running Windows NT 4.0 or Windows XP.

Windows NT 4.0

You can add, enable, and configure support for multiple languages using the Regional Settings tool in Control Panel. You can also add some languages that are not listed in the Regional Settings tool from the Windows CD-ROM.

To add an additional language in Windows NT 4.0, follow these steps:

1. In the Langpack folder on the Windows NT 4.0 CD-ROM, right-click <language>.inf, and then click Install.

NOTE: Some languages require files from the I386 folder as well as the Langpack folder. If you are prompted for the location of a file that is not in the Langpack folder, specify the I386 folder and then return to the Langpack folder the next time you are prompted for a file.
2. Restart your computer.

To enable a newly added language and specify a keyboard layout in Windows NT, follow these steps:

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Regional Settings.
3. On the Regional Settings tab, click the appropriate language, and then click Apply.
4. Click the Input Locales tab.
5. In the Input Locales box, click the appropriate language, and then click Properties.
6. In the Keyboard Layout box, click the appropriate keyboard layout, click OK, and then click OK.

Windows XP

To install another language and keyboard layout in Windows XP, follow these steps:

1. In the Windows XP standard Start menu, click Start, and then click Control Panel.
In the Windows XP classic Start menu, click Start, click Settings, and then click Control Panel.
2. Double-click Regional and Language Options.
3. Click the Languages tab, and then click Details under “Text Services and Input Languages”.
4. Click Add under “Installed Services”, and then click the language you want to add and the keyboard layout you want to use for that language.
5. To configure the settings for the Language bar, click Language Bar under “Preferences”.

Video won’t play on YouTube

This post describes how to troubleshoot YouTube videos that won’t play. Videos on YouTube are streamed through an Adobe Flash player. For the best viewing experience, we suggest installing the latest version of Adobe Flash after removing any old versions you’ve installed.

Warning: Uninstalling the software should be done at the discretion of the customer. Make sure to get permission from the customer before continuing with further steps. Create a system restore point to be on the safe side.

Uninstall Flash and follow Adobe’s instructions, listed here: http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14157
Once uninstallation is complete, reboot the computer.
Re-install Flash Player by clicking on the following link:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
Try to view video again on www.youtube.com
If the above steps did not help, please follow the steps below:

Disable or uninstall any pop-up blocking software installed on the PC.
Allow youtube.com as a trusted site in any firewall software installed on the PC.
Ensure applications like Quicktime, iTunes, Real Player or Windows Media Player etc. aren’t set as default streaming application.
Windows Vista users:

If the flash uninstall/re-install does not work, this may be due to a Microsoft Windows Vista permissions issue.

Please use the Windows button at the bottom left-hand corner, then the search function:
Go to: C:\Windows\System32\Macromedia\Flash\
Right-click the following file: FlashUtil9b.exe or FlashUtil9e.exe
Select ‘Run as Administrator’ and install the update.
Restart your computer

How to fix if Movie Maker has stopped working

This post explains how to fix Movie Maker when it has stopped working. This issue can occur if an incompatible video filter is installed on the computer. To resolve this problem, start Movie Maker in safe mode and then configure Movie Maker so that the incompatible video filter is not loaded.

To do this, follow these steps:
1. Click ‘Start’, and then click ‘All Programs’.
2. Click ‘Accessories’, and then click ‘Command Prompt’.
3. At the command prompt, type ‘CD \program files\movie maker’, and then press ENTER.
4. Type ‘moviemk.exe /safemode’, and then press ENTER.
5. When Movie Maker starts, click ‘Tools’, and then click ‘Options’.
6. Click the ‘Compatibility’ tab.
7. In the ‘Filters’ section, click to clear the check boxes of any third-party video filters that are not required.

Windows XP CONFIG.SYS & AUTOEXEC.BAT FILES

This post provides further information on fixing Windows XP CONFIG.SYS and AUTOEXEC.BAT file errors. A program can be loaded at startup from various places. By knowing where these are located, you have more direct control over them. How to edit and control startup program launching is different in Windows 95 than in Windows 98 and Millennium, primarily due to the innovation in Win98 of MSCONFIG.EXE. In the instructions below, the programs MSCONFIG, SYSEDIT, and REGEDIT each can be launched by clicking Start, then Run, typing in the program name, and clicking OK. (MSCONFIG does not come with Win95, and looks significantly different in Windows XP. SYSEDIT does not come with Windows Millennium. Either may be copied over from a version of Windows that has it. Consult your operating system licensing agreement to determine whether you may do this legally.)

Launch SYSEDIT and examine the AUTOEXEC.BAT and CONFIG.SYS files. At machine startup, configuration steps in CONFIG.SYS and command lines listed in AUTOEXEC.BAT will execute. For more information on individual MS-DOS or command prompt commands, open a DOS or command prompt window and type the individual command followed by /?. For more information on special batch file commands, see the Batch File Commands article on this site. You can temporarily suspend any line of this file by placing REM (followed by a space) in front of the line.

QUIRKS by QUIRKE: South African Windows watchdog, Chris Quirke, has alerted me to a strange Windows quirk I never knew about. In Win95/98, COMMAND.COM launches not “Autoexec.bat” per se but, rather, the simple command AUTOEXEC. This means that the usual command line launching rules apply so that a .BAT file is first sought (AUTOEXEC.BAT) but, if one isn’t found, the OS next will look for AUTOEXEC.COM and, thereafter, AUTOEXEC.EXE! On the one hand, this is a useful trick; on the other hand, it’s an especially useful trick for malware designers!
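A defender can check a folder for the search-order quirk described above. This added example (not from the original article) reports which AUTOEXEC file the .BAT, .COM, .EXE order would launch, flags any AUTOEXEC.COM or AUTOEXEC.EXE for review, and lists the AUTOEXEC.BAT lines not suspended with REM; the function names and the sample folder are constructed for illustration.

```python
import os
import tempfile

# Search order described above: COMMAND.COM runs the bare command AUTOEXEC,
# so .BAT is tried first, then .COM, then .EXE.
SEARCH_ORDER = (".BAT", ".COM", ".EXE")


def audit_autoexec(root):
    """Report which AUTOEXEC.* file in root would run, and what needs review."""
    present = {}
    for name in os.listdir(root):
        stem, ext = os.path.splitext(name.upper())
        if stem == "AUTOEXEC" and ext in SEARCH_ORDER:
            present[ext] = name
    launched = next((present[e] for e in SEARCH_ORDER if e in present), None)
    # An AUTOEXEC.COM or AUTOEXEC.EXE deserves review even while a .BAT wins:
    # deleting or renaming the .BAT would make it run instead.
    suspicious = [present[e] for e in (".COM", ".EXE") if e in present]
    active = []
    if ".BAT" in present:
        with open(os.path.join(root, present[".BAT"]), errors="replace") as fh:
            for line in fh:
                text = line.strip()
                upper = text.upper()
                # Lines prefixed with REM are suspended and do not execute.
                if text and upper != "REM" and not upper.startswith("REM "):
                    active.append(text)
    return {"launched": launched, "suspicious": suspicious, "active_lines": active}


def demo():
    """Constructed sample: AUTOEXEC.BAT plus a stray AUTOEXEC.EXE in one folder."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autoexec.bat"), "w") as fh:
            fh.write("@ECHO OFF\nREM SET TEMP=C:\\OLD\nPATH C:\\WINDOWS\n")
        open(os.path.join(root, "AUTOEXEC.EXE"), "wb").close()
        return audit_autoexec(root)


if __name__ == "__main__":
    print(demo())
```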

In Win98, you have the additional option of launching MSCONFIG, clicking on the AUTOEXEC.BAT and CONFIG.SYS tabs, finding these lines, and unchecking the box in front of them. In Windows Millennium Edition, the MSCONFIG method, or editing AUTOEXEC.BAT and CONFIG.SYS with Notepad, are your only options unless you migrate SYSEDIT.EXE to your system. In Windows XP, the only option is to edit AUTOEXEC.BAT (if it exists) with Notepad.

NOTE ON RESTARTING IN MS-DOS MODE: Though somewhat outside the scope of this article (which primarily deals with Windows startup program loading), some mention should be made of the DOSSTART.BAT file. If you use the option, from within Windows 95/98, to “Restart in MS-DOS Mode,” different startup execution files are run depending on certain options you select when shutting down to DOS. Under most circumstances, the DOSSTART.BAT file in the C:\Windows folder is executed much like AUTOEXEC.BAT (except that it will not execute SET commands). However, if you create a shortcut for shutting down to DOS and select the option to specify a new MS-DOS configuration (thereby creating custom AUTOEXEC.BAT and CONFIG.SYS files), DOSSTART.BAT is not executed, but your custom AUTOEXEC.BAT and CONFIG.SYS files are executed instead. A more detailed explanation of what happens in these situations is given in MS Knowledge Base Article 138996, Description of Restarting Computer in MS-DOS Mode.

A somewhat related, but quite distinctive, process occurs in Windows ME when you open a command prompt (that is, a “DOS window”). Windows ME does not have a provision to shut down to DOS. However, when you open a command prompt window it executes commands contained in the CMDINIT.BAT file in the C:\Windows\Command folder. By default, CMDINIT.BAT launches the DosKey program for each command prompt session.