Ahnlab Safe Transaction What Is It



About AhnLab: AhnLab creates agile, integrated internet security solutions for corporate organizations. Founded in 1995, AhnLab, a global leader in security, delivers comprehensive protection for networks, transactions, and essential services. AhnLab delivers best-of-breed threat prevention that scales.

Conficker?

Conflicker?

DownAndUp?

  1. StSess32.exe is part of AhnLab Safe Transaction and developed by AhnLab, Inc. According to the StSess32.exe version information, its description is 'AhnLab Safe Transaction Application'. StSess32.exe is digitally signed by AhnLab, Inc. and is usually located in the 'C: Program Files AhnLab Safe Transaction Nz32 ' folder.
  2. AhnLab Safe Transaction is a program developed by AhnLab. The most used version is 1.3.19.873, with over 98% of all installations currently using this version. It adds a background controller service that is set to automatically run. Delaying the start of this service is possible through the service manager.

It’s all so confusing, but whatever the name, the worm is the same. Here’s the scoop (for simplicity of reading, I’m going to just refer to it as Conflicker).

Conflicker has been around for a while, and in fact has three known variants (versions): A, B, and C. The much-hyped event that’s anticipated for this April Fool’s Day is that a new variant, Conflicker_D, will likely be deployed.

Backgrounder:

In general, Conflicker is a botnet-type worm: it infects as many machines as possible and forms a “network” of sorts by allowing the worm’s author to connect to the infected machines through the Internet. Although no other payload has yet been discovered, it is assumed that any payload could potentially be delivered, because Conflicker allows its author to take control of infected machines remotely.

How does Conflicker get on your PC?

Unlike old-school viruses that were transmitted via email or other so-called ‘viral’ methods, there is no social engineering or similar trickery required for your PC to become infected with Conflicker. That is, you don’t infect yourself by clicking or opening anything. In fact, all that’s required to get infected is to be connected to the Internet and not have the latest patches (Windows updates) from Microsoft! This is because Conflicker gets into your machine through a security flaw in Windows, and if you don’t have the patch from Microsoft that closes up the flaw, your PC is susceptible to infection.

What are the symptoms?

Unfortunately for the unprotected and infected, there really aren’t any visible symptoms to speak of. Unlike old-school viruses that generally had a calling card, then emailed themselves to all your friends and wiped out your hard drive, Conflicker remains more valuable to its author by being quiet, efficient, and undetected. The most common symptom that might alert you to a Conflicker infection is a virus scan reporting that you’re infected.

Why Conflicker?

Why is it valuable to somebody to infect all those (millions of) PCs and not do typical virus-like things such as destroy the machines? Think of it as a person or entity having control of all those machines to do whatever they please, whenever they please! For example, how much would access to those machines be worth on the black market to an unscrupulous organization that may want to harvest credit card or banking information, or use those machines to launch a DoS (Denial of Service) attack against a website? The possibilities for how those millions of machines could be put to use are endless, so what the author of Conflicker has done is create a high-value network of PCs that may include your own if you are infected, and that may just be sold off to the highest bidder as a tool that’s not likely to be used for good.

How can you protect yourself?

If you have Windows automatic updates turned on, you’re probably already protected as Microsoft already released the updates that close the flaw back in October of 2008.

If you’re not sure, you can get updates from the Microsoft Update website by clicking this link: Windows Updates

It’s also a good idea to make sure your antivirus program is up to date and to perform a virus scan, as all of the major antivirus providers currently detect Conflicker variants.

Below is a short list of resources. You can find a more comprehensive list including technical research info at The Internet Storm Center/DSHIELD

Removal Instructions

Microsoft:
http://support.microsoft.com/kb/962007

Kaspersky:
http://support.kaspersky.com/faq/

BitDefender:
http://www.bitdefender.com/VIRUS-1000462-en–Win32.Worm.Downadup.Gen.html

Trend Micro:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp
To be able to access antivirus vendors, SANS, Microsoft, and others from a machine infected with Conficker.C, Trend Micro suggests running “net stop dnscache” from the command line.

Sophos:
http://www.sophos.com/support/knowledgebase/article/51416.html
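The Trend Micro note above implies that an infected machine cannot reach security vendor sites even though other sites still work. The following check for that pattern is an added example, not part of the original article or any vendor's tool; the control host names and the verdict labels are assumptions made for illustration.

```python
import socket

# Host names taken from the removal-instruction links listed above.
VENDOR_HOSTS = [
    "support.microsoft.com",
    "support.kaspersky.com",
    "www.bitdefender.com",
    "www.trendmicro.com",
    "www.sophos.com",
]
# Assumed control names with no connection to security vendors.
CONTROL_HOSTS = ["example.com", "example.org"]


def system_resolver(host):
    """Return True if the operating system can resolve the host name."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check_vendor_blocking(resolver=system_resolver,
                          vendors=VENDOR_HOSTS, controls=CONTROL_HOSTS):
    """Compare lookups of vendor names against unrelated control names."""
    failed_vendors = [h for h in vendors if not resolver(h)]
    failed_controls = [h for h in controls if not resolver(h)]
    if len(failed_controls) == len(controls):
        verdict = "no-dns"        # nothing resolves: offline or DNS outage
    elif not failed_vendors:
        verdict = "clean"         # every vendor name resolves
    elif len(failed_vendors) == len(vendors):
        verdict = "suspicious"    # only the security sites are unreachable
    else:
        verdict = "inconclusive"  # partial failures: retry, then scan anyway
    return verdict, failed_vendors


if __name__ == "__main__":
    verdict, failed = check_vendor_blocking()
    print("verdict:", verdict)
    for host in failed:
        print("  could not resolve:", host)
```

A "clean" verdict only means this one symptom is absent, so the up-to-date virus scan recommended earlier still applies.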

Removal Tools

Microsoft MSRT:
http://www.microsoft.com/security/malwareremove/default.mspx

F-Secure:
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

AhnLab:
http://global.ahnlab.com/global/file_removeal_down.jsp?filename=12371830475821&down_filename=v3conficker.zip

Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

McAfee:
http://vil.nai.com/vil/stinger/

ESET:
http://download.eset.com/special/EConfickerRemover.exe

BitDefender:
http://www.bdtools.net/

Kaspersky:
http://data2.kaspersky-labs.com:8080/special/KidoKiller_v3.3.3.zip

TrendMicro:
https://securecloud.com/support/sysclean

Sophos:
https://secure.sophos.com/products/free-tools/conficker-removal-tool-network/download (registration required)

This article was written by Andy Trask, Head Geek at Geek Housecalls, the New England area’s original traveling computer geeks, on the web at www.geekhousecalls.com. Geek Housecalls specializes in “anything computer” and, since 2001, has become the trusted in-home computer and technology support provider for over 15,000 families and small business computer users in eastern Massachusetts, Rhode Island, and southern New Hampshire. For help with your computers, gadgets, or network at home or at the office, click here to contact Geek Housecalls via the web, or call toll free:

1-877-4PC-GEEK (1-877-472-4335)