How To Remove Conflicker.B Spam Trojan - (Uninstall Guide)
Article by George Norman
On 21 Oct 2009
A new spam campaign is making the rounds, warning users about a Conflicker.B Infection. The spam message pretends to be a warning from Microsoft that advises users to download the attached file in order to keep their system protected against a new variant of the Conflicker worm. It goes without saying that you should ignore these spam messages; it also goes without saying that you should not download the attachment.

Here is what the spam message looks like:

Subject: Conflicker.B Infection Alert
Attached file: install.zip
Message body:

Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division


The email’s attachment is a ZIP file that contains a file called install.exe. If you run the install.exe file you will let a Trojan loose on your system. This is what will happen:
  • The settings of Internet Explorer will be changed so that it will run files considered risky
  • You will be presented with phony security warnings like this one (the spelling mistakes are real - see image above): Your computer is infected! Windows has detected spyware infection!
    It is recomended to use special antispyware tools to pervent data loss.Windows will now download and install the most up-to-date antispyware for you.
    Click here to protect your computer from spyware!
  • Rogue antispyware program Antivirus Pro 2010 will be installed on your machine.




Automatic removal guide


Manual removal guide

Using Task Manager, end the following processes:

seres.exe
svcst.exe
lizkavd.exe


Access the Windows Registry Editor and delete the following registry keys:


HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = "zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "ForceClassicControlPanel" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "mserv"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "svchost"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus Pro 2010"


Locate and delete the following files:

%UserProfile%\Application Data\seres.exe
%UserProfile%\Application Data\svcst.exe
%UserProfile%\Application Data\lizkavd.exe
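
To see which of the items above are actually present before removing anything by hand, a read-only check can be run first. The PowerShell script below is an added example, not part of the original guide: it only reports, deletes nothing, and its variable names are my own. It assumes the process, registry and file names listed in the manual removal guide.

```powershell
# Added example: read-only audit for the artifacts listed in the manual removal guide.
# Nothing is modified; each finding is a lead to verify before deleting it by hand.

$processes = 'seres', 'svcst', 'lizkavd'   # process names from the guide, without .exe

$keys = @(
    'HKLM:\SOFTWARE\AntivirusPro_2010',
    'HKLM:\SOFTWARE\Microsoft\ESENT\Process\lizkavd',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010'
)

# Registry values as (key path, value name) pairs. The data is printed so it can be
# compared with the guide: some of these policy values can also be set legitimately
# by an administrator, so presence alone is not proof of infection.
$values = @(
    @('HKCU:\Software\Microsoft\Internet Explorer\Download', 'RunInvalidSignatures'),
    @('HKCU:\Software\Microsoft\Internet Explorer\Download', 'CheckExeSignatures'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations', 'LowRiskFileTypes'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations', 'SaveZoneInformation'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer', 'ForceClassicControlPanel'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run', 'mserv'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run', 'svchost'),
    @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'Antivirus Pro 2010')
)

$files = 'seres.exe', 'svcst.exe', 'lizkavd.exe' |
    ForEach-Object { Join-Path $env:USERPROFILE "Application Data\$_" }

$findings = @()
foreach ($p in $processes) {
    if (Get-Process -Name $p -ErrorAction SilentlyContinue) { $findings += "PROCESS  $p.exe is running" }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "KEY      $k" }
}
foreach ($v in $values) {
    $path, $name = $v
    $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $findings += "VALUE    $path [$name] = $($item.$name)" }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "FILE     $f" }
}

if ($findings.Count -eq 0) { 'None of the listed artifacts were found.' }
else { $findings }
```

Run it as the affected user, because the HKEY_CURRENT_USER entries and %UserProfile% paths are per-account.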

