Win32:Confi is a mass spreading wormSummary
Type : Worm
Aliases : W32/Downadup, Net-Worm, Win32.Kodo, W32/Confoker
Platform : Windows
Known locations : %WINDIR%\system32, recycle bin
Win32:Confi exploits a security hole in Windows (http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx ) to propagate itself over networks. After infecting a machine, Confi creates a service with a randomly generated name and tries to infect other computers in the same subnet. It also drops itself into any removable media (USB sticks) plugged into the infected machine. When the attempt to exploit neighbouring computers fails, the worm runs a brute-force attack against weak passwords. Filesystem operations above the Win32:Confi files are not accessible for common users (not even for administrators), because the worm removes the rights and ownership from its files.
Detection/RemovalManually download the corresponding patch from MS (Confi blocks access to some anti-malware sites). Update avast! VPS to the latest version. Unplug the LAN cable. Schedule the boot time scan and move all Win32:Confi files to the virus chest. After rebooting, install the MS patch. Reconnect the LAN cable and everything should be fine.
Avast Home Edition