Virus Alert - Conflicker Worm.
The worm exploits a bug in the Windows Server service used by Windows 2000, Windows XP, Windows Vista etc. It self-replicates as the downloadable library file %System%\[RANDOM FILE NAME].dll, deletes any user-created System Restore points and creates the services.
Conflicker Worm then downloads and executes a file and creates an http server on the computer on one random port, sends this URL as part of its payload to remote computers, then connects back to this URL to download the worm.
With all the AntiVirus scanner we know and have, you will be able ONLY to disinfect the previously locked files, some services or EXE's, but the main important part of Conflicker, will load a few days later from his own http server (connects to UPnP router and opens the http port) a new worm into your WIN32 directory.
Please take note: No AV or Malware software on the market is able to repair the damaged registry made by Conflicker or to find the http server on the compromised computer.
For that reason, the only way to get rid of conflicker is Format C.
We had over 7 infected computers, there was NO other way to get Conflicker out from the compromised computers.
Edited by king009, 18 December 2009 - 05:08 PM.