TechMalaya.com – tech updates, tech tips, free software, blogging, photo editing

How to Remove Conficker / Confickr / Downup / Downdaup Worm

If your machine / your machine / your friend’s machine got infected by Conficker / Confickr / Downup / Downdaup worm, here are some of information about the worm, symptoms and removal tool that you may found useful to get rid of it.

Brief information about Conficker worm

• The worm attacks only Windows operating system
• It exploits a known vulnerability in the Windows Server Service
• Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Security Reporting.
• Next, the worm downloads and installs additional malware on an infected computer.
• The worm also attaches itself to a certain Windows processes such as svchost.exe, explorer.exe and services.exe, making it even harder to detect.

Why should I care / be afraid of it?

• In just four days, the number of computers infected rose from 2.4 million to 8.9 million.
• There are various variants of the worm so it is here to stay.

Your PC / network is probably infected when…

• System network gets unusually congested. This can be checked with network traffic chart on Windows Task Manager.
• Account lockout policies being reset automatically.
• You can’t access your antivirus provider sites such as “trendmicro”, “sophos”, etc. (cool and evil at the same time!)
• Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and ErrorReporting Services are automatically disabled.
• Domain controllers respond slowly to client requests.
• Launches a brute force dictionary attack against administrator passwords to help it spread through ADMIN$ shares, making choice of sensible passwords advisable.

Conficker worm can infect computers / networks via..

• The network (via svchost.exe)
• Via removable drives, your USB thumb drive for example

Conficker has several other names / variants, for example:

• TA08-297A
• CVE-2008-4250
• VU827267
• Win32/Conficker.A
• Mal/Conficker-A
• Trojan.Win32.Agent.bccs
• W32.Downadup.B
• Trojan-Downloader.Win32.Agent.aqfw
• W32/Conficker.worm
• Trojan:Win32/Conficker!corrupt
• W32.Downadup
• WORM_DOWNAD
• Confickr

How to prevent Conficker virus from infecting your computer

• Apply the MS08-067 Windows Critical Security Update (and keep your Windows constantly updated!)
• Disable removable drive autorun feature in your Windows system. Check out how to disable autorun feature here or you can just do it simply with Tweak UI.
• Have some common sense, set your antivirus program to auto-update everyday.
• Set a strong Windows administrator password.
• Use other OS other than Windows (joking!)

My PC / has been infected, how do I remove Conficker – (Conficker Removal Tool) ?

• Download and use Microsoft Windows Malicious Software Removal Tool (MSRT) to remove malicious software such as Conficker.
• Use these removal tools (either one, or two if you like!):
  • FSMRT by FSecure
  • Network, Single PC by BDTools, BitDefender
  • Conficker Removal Tool by Sophos
  • W32.Downdup Removal Tool by Symantec
• Remove Conficker manually by following the instructions here. (for the adventurous!)

There you go, some information and Conficker removal tool to prepare you for the worm onslaught (if you are “lucky” to meet one!)

Tags: conficker, confickr, downup, downdaup, remove conficker, remove confickr, conficker removal tool

You come again! Maybe it is the right time to subscribe to my RSS feed. Thanks for the support!