How to Remove the Conficker Virus (Removal Guide)

September 27, 2010, By Fouad Bajwa

UK’s daily The Register has been reporting (here) that 3 out of 10 computers running Windows are facing Conficker worm attacks. According to Wikipedia, it uses flaws in Windows software and dictionary attacks on administrator passwords to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors.

Conficker has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer, with more than seven million government, business and home computers in over 200 countries now under its control.

The worm has been unusually difficult to counter because of its combined use of many advanced malware techniques.

Two variants of Conficker affected computers connected to global networks. In early November 2008, Conficker was launched and propagated via the Internet by exploiting a vulnerability in a network service (MS08-067) on various Windows versions: Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008, including Windows Server 2008 R2 Beta.

In response, Microsoft released an emergency out-of-band patch on October 23, 2008 to close this vulnerability in Windows 7 (public beta). Despite this, a large number of Windows PCs, estimated at around 30%, remained unpatched as late as January 2009.

The second variant of the Conficker worm was discovered in December 2008. It added the ability to propagate over LANs through removable media and network shares, allowing the worm to spread quickly. By January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million.

According to antivirus software vendor Panda Security, of 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with Conficker. Recent variants of the worm continue to change their propagation activity and update strategy. This how-to focuses on removing the Conficker worm as well as the relation between Conficker and fake antivirus protection software.

Conficker symptoms

When the Conficker worm or one of its variants executes on a PC, it disables the system’s Windows Auto Update, Windows Security Center, Windows Defender and Windows Error Reporting.

Conficker and fake antivirus protection software

According to PC World in 2009, Conficker is distributed through virus endorsement programs, malware such as ecovirus, cyber safeguard virus and security tool virus. Variants of the worm also gather personal information, install malware on the infected computer and infect several Windows processes, including svchost.exe, explorer.exe and services.exe.

How-to Remove Conficker Virus

The easiest way to get rid of Conficker is to use one of the removal applications given below and to avoid connecting unsolicited and unscanned portable storage devices such as USB drives. The following is a list of recommended Conficker removal applications:

Using Microsoft’s Malicious Software Removal Tool:

Microsoft® Windows® Malicious Software Removal Tool (KB890830) checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Download the tool here.

  1. Download the tool from the link above.
  2. To start the installation immediately, click Run.
  3. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.
  4. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
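The following Windows PowerShell script is an added example, not part of the original guide or of Microsoft's tool. It checks the startup state of the services behind the features listed under "Conficker symptoms" and prints the result section of the most recent run recorded in mrt.log. The service short names and the "Results Summary:" log layout are assumptions about a typical Windows installation.

```powershell
# Added example (not from the original guide).
# Assumption: these service short names back the features named in the symptoms list.
$symptomServices = @{
    'wuauserv'  = 'Windows Auto Update'
    'wscsvc'    = 'Windows Security Center'
    'WinDefend' = 'Windows Defender'
    'ERSvc'     = 'Error Reporting (XP / Server 2003)'
    'WerSvc'    = 'Error Reporting (Vista and later)'
}

function Get-SymptomServiceState {
    foreach ($name in $symptomServices.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if (-not $svc) { continue }   # service not present on this Windows version
        New-Object PSObject -Property @{
            Service   = $name
            Feature   = $symptomServices[$name]
            StartMode = $svc.StartMode
            State     = $svc.State
            # Disabled is what the symptom looks like; an administrator or a
            # third-party antivirus product can also be the cause.
            Suspect   = ($svc.StartMode -eq 'Disabled')
        }
    }
}

function Get-LastMrtResult {
    param([string]$Path = (Join-Path $env:WINDIR 'debug\mrt.log'))
    if (-not (Test-Path $Path)) { return $null }   # tool has never run on this machine
    $lines = @(Get-Content -Path $Path)
    # The log is appended on every run; keep only the last results section.
    # Assumption: each run writes a line starting with "Results Summary:".
    $start = -1
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^Results Summary:') { $start = $i }
    }
    if ($start -lt 0) { return $null }
    # Drop blank lines and dashed separators, keep findings and the return code.
    $lines[$start..($lines.Count - 1)] |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^-+$' }
}

Get-SymptomServiceState | Sort-Object Service |
    Format-Table Service, Feature, StartMode, State, Suspect -AutoSize
Get-LastMrtResult
```

Run it from an elevated Windows PowerShell prompt; rows with Suspect set to True and any finding other than "No infection found" in the log output are the items to investigate.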

Symantec W32.Downadup Removal Tool:

We recommend that you visit this detailed instruction page on the Symantec Antivirus website here to successfully download and install the following tool here from the F-Secure website.
