Conficker Worm Removal

March 31, 2009 by in The Pit Blog


UPDATE 4/10/2009: Reports are coming in identifying SpywareProtect2009 as another of the specific scareware tactics being used after Conficker’s latest update. The victim receives a warning and is prompted to purchase the removal tool at $49.99, then the download streams in from the Ukraine. Do not under any circumstances follow instructions from one of these prompts.

Making its first appearance in late October of 2008, the Conficker worm is due to morph from its current developmental stage and sprout wings on April Fools’ Day 2009. Is it a big deal? Big enough for Microsoft to put a bounty on the head of this outlaw and its creator, to the tune of $250,000.00. Big enough for the Department of Homeland Security to release an announcement and provide a removal tool for its federal, local, and state governments and commercial vendors.

This worm is considered extremely dangerous and has already infected between 9 million and 15 million systems. Known to save a copy of its .dll files to random files in the Windows System folder, it then loads each time you boot Windows.

Once infected, it can disable system devices, reset and remove restore points, and stop automatic updates. This is in addition to stopping Windows security, Windows Defender and Error Reporting. This worm possesses the latest technology to help spread its destruction and avoid detection and removal. On April 1st this nasty worm will emerge and return to its creator for even more instructions.

All of this leads to a sluggish and unresponsive system that prevents the user from navigating to any website that offers useful help. That’s right, trying to access sites like PC Pitstop, Avast, or Malwarebytes is almost impossible after being infected.

I suggest that everyone who reads this go to Microsoft Updates and be sure you have all the latest security updates. Every neighbor within walking distance has asked for help removing the first wave of this insidious threat. Teachers and students alike have been ringing my doorbell with laptops in tow. I’m curious to see what happens when the April 1st emergence date arrives. Will the seemingly cleaned systems spring forth with the mutated worm? It won’t be long before we know.

What to do? First install all Microsoft security updates. Then, in an effort to beat the bug to the punch, make sure your antivirus definitions are up to date. If you haven’t done so already, download the free Malwarebytes or Avast trial in case you do become infected. I can speak firsthand to the issue of being able to navigate to helpful sites. Once infected, it’s a must to get help quickly. Be aware that you need to download and run while in Safe Mode with Networking, then again with System Restore turned off. Just don’t forget to turn it back on and set a restore point when done. With Avast you will be prompted to check the system memory and also the boot sector on reboot. Be sure to do both, as they are definitely known hiding places.


Known As

Conficker

win32 Conficker

Win32 Downup

ConfickerA

Net Worm Kido


Affected Systems

Windows 2000

Windows XP

Windows Vista

Windows Server 2003

Windows Server 2008 (beta thru RC)

Windows 7 beta (all beta versions)


Type

Worm/Virus


Means Of Infection

No MS Patch

Previously infected system on network

AutoPlay enabled

Weak Password Protection


Prevention

Microsoft patch MS08-067

Turn off AutoPlay

Create strong password
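
The prevention items above, and the services the article says the worm shuts down, can be checked on a single machine with a short read-only script. This is an added example, not part of the original post; the KB number, registry value and service names are assumptions drawn from general Windows knowledge rather than from the article.

```powershell
# Added example (not from the article): read-only posture check for one Windows host.
# Requires PowerShell 3.0 or later. Nothing here changes system state.
# Assumptions: KB958644 is the update that shipped with bulletin MS08-067, and the
# service names below are the usual ones for the features the article lists.

function Test-ConfickerHardening {
    $report = @()

    # 1. MS08-067 patch. A missing entry is not proof of exposure: service packs
    #    and later Windows releases carry the fix without listing this KB.
    $kb = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Check  = 'MS08-067 update (KB958644) listed'
        OK     = [bool]$kb
        Detail = if ($kb) { "installed $($kb.InstalledOn)" } else { 'not listed' }
    }

    # 2. AutoPlay. NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type.
    #    Only the machine-wide policy is read; a per-user value may also exist.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $report += [pscustomobject]@{
        Check  = 'AutoPlay disabled for all drives'
        OK     = ($val -eq 0xFF)
        Detail = if ($null -eq $val) { 'policy not set' } else { '0x{0:X}' -f $val }
    }

    # 3. Services the article says get stopped: Automatic Updates, Security Center,
    #    Windows Defender, Error Reporting (ERSvc on XP/2003, WerSvc on Vista+).
    foreach ($name in 'wuauserv', 'wscsvc', 'WinDefend', 'ERSvc', 'WerSvc') {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        if (-not $svc) { continue }          # service does not exist on this version
        $report += [pscustomobject]@{
            Check  = "Service $name not disabled"
            OK     = ($svc.StartMode -ne 'Disabled')
            Detail = "$($svc.StartMode), $($svc.State)"
        }
    }
    $report
}

Test-ConfickerHardening | Format-Table Check, OK, Detail -AutoSize
```

A protective service that has been switched to Disabled on a machine where nobody changed it deliberately is a reason to scan that machine, not a diagnosis by itself.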


Removal

Microsoft Removal Tool

Malwarebytes

PC Pitstop

Avast 4 Home

Sunbelt Software

Good luck and keep your worm defenses up!

______________________________________________________________________________________________________________________

Links and Tools

Microsoft Removal Tool

Password


Turn Off Autoplay

MS Worm Removal

Avast Free Edition

Malwarebytes

MS08-067 Patch

Sunbelt Vipre Technology

PC Pitstop Exterminate Free Scan

Department of Homeland Security

58 Responses to Conficker Worm Removal

  1. jj says:

    Thanks for the info.


  2. James Blanchard says:

    The websites suggested to remove the virus are being blocked by the virus. I downloaded Avast Free Edition, but the program failed to connect to install itself. I don’t know what to do to remove Conficker.


  3. DJ_Tempest says:

    I use AVG and ZoneAlarm and have for years. I have never had any infections, and I do update my protection every day; plus I use CCleaner and ATF-Cleaner. Norton is a joke: once you install it, it is hard to uninstall, as in it spiders through everything, somewhat like a virus or worm. I know from firsthand, but that is just my opinion.


  4. Locator says:

    Everyone has opinions on security and likes to share their ideas. We all have, I am sure, the best protection for our needs, but for one I like to hear what you are all using, and thank you for sharing. Also, I would like to thank the people at PC Pitstop for years of great service (oh, how you have helped me in the past) and how I will be using your services in the future!!!
    Thanks again for the great work you do.

    Ken


  5. SandieB says:

    A lot of the viruses out there are temporary files, so if you go to tools and remove all temporary files and then reboot your computer you will be surprised how good it may work.


  6. Renee says:

    Thanks for all the information. I always find these forums so helpful and educational.

    However, I have a major problem. I’m currently using a friend’s computer as my PC has been attacked, I think. Just as I was finishing my taxes, my PC froze so naturally, I rebooted. But something took over and my PC continued like it had a mind of its own…it rebooted and rebooted and rebooted and rebooted…my computer wouldn’t stop rebooting! After turning it off/on myself a few times with the same result, it did stop rebooting and the screen simply read “A problem with the hard drive has been detected. Consult the Troubleshooting section of your user’s manual. Press the Enter key to continue.”

    When I do press the Enter key, the screen simply shows “Press to Resume” but nothing happens when I actually do press F4.

    What is my next course of action? Lost the user’s manual a long time ago. I had a similar problem when this PC was less than a year old and a gracious neighbor was able to fix it very quickly (he worked for Microsoft). I’m no longer lucky enough to have this brilliant neighbor so I don’t know what to do…trying to figure this out on my own. Does this sound like a virus/worm? What kind of leg work can I do before calling in the professionals? Do I throw in the towel as this PC is 7 years old now? It may cost more to fix than it is worth. I don’t have a great deal of disposable income with a 20 month old baby running around but I really need my computer back not to mention all those pictures of my little one, ugggg!

    Please advise! Thanks for your time!


  7. heiser says:

    the best and most practical way to protect and prevent these issues is setting up limited user accounts while the administrative accounts are password protected !

    many may find this annoying because they cannot install programs without privileges, this is a sacrifice many are willing to take.

    first thing is to make sure the system isn’t already infected, the second thing is maintenance like a defrag, the third, make sure you have all the programs you need.

    you will be able to use these programs in a limited user account, you won’t be able to defrag unless you switch accounts to an escalated account, you will be able to receive your mail and browse www as before.

    your system will be secure, just remember to log off your administrative account when switching.

    limited accounts are what they are, they are least privileged and it’s almost impossible root will get infected.

    good luck and enjoy, i hope my suggestions helped.

