
How to remove Conficker virus / worm

The Conficker virus/worm has already hit more than 9 million Windows users around the world within a very short span of time, and the count is still growing. I don't want to repeat here all the typical nonsense like 'this virus steals information, blah blah blah, congests the network...'. Lots of media reporters just create hype without knowing the real facts.



To make a long story short, on October 23rd, 2008, Microsoft released security bulletin MS08-067 about a serious vulnerability in Windows. Microsoft rated it critical, since it could allow remote code execution. As is the usual trend, Patch Tuesday was followed by Exploit Wednesday, and that's how the Conficker worm/virus was born. This worm exploits systems that have not applied the MS08-067 patch. (Patch Tuesday is the second Tuesday of every month, when Microsoft releases patches/updates for download; Exploit Wednesday is the day right after it, when virus writers take note of the published vulnerabilities and start writing malware targeted at unguarded systems. Even after Microsoft releases security updates, more than 70% of users never update their systems, and that's how they fall victim on Exploit Wednesday.)

Symptoms of Conficker

According to antivirus companies, once the system is infected, this virus installs rogue anti-virus and anti-spyware software, urging users to buy the rogue software online. Many confirmed that this virus travels through emails carrying links to malicious sites; once a link is clicked, the unpatched system gets infected instantaneously. An extremely slow PC, flashy Windows wallpapers, weird icons on the desktop, frequent pop-ups about virus infection, misdirected hyperlinks while searching online, and injection of a malicious program into the root of drives via the Windows autorun feature are some of its symptoms.

How to safeguard against Conficker

1. Immediately patch your Windows XP system.
Download the Security Bulletin MS08-067 update from here.

OR

1. All versions of the Windows operating system are at stake, including the recent Windows 7 Beta. If you have another version of Windows,
check this link and download the corresponding updates.

2. Disable the autorun feature of Windows. Follow my old post here and read one of my comments there on disabling autorun in Windows.



3. Update all your security software ASAP with the latest definitions and virus databases.

4. Double-check all emails and IM messages with links that appear to come from your friends and reconfirm that they were really sent by them. Even if a message looks like it came from a friend, make sure it is genuine.

5. If you are one of those who doesn't know much about viruses/worms, have a read of one of my old posts about the evolution of viruses and worms.
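The two safeguards that actually close the door Conficker walks through are the MS08-067 patch and disabled autorun. As an added example (not from the original post), the Windows PowerShell script below checks both on a machine and fixes the autorun policy if it is not set. It assumes Windows PowerShell with Get-HotFix available, and that MS08-067 shipped as hotfix KB958644 (that KB id is not in the post; it is the publicly listed id for the bulletin). Run it from an elevated prompt.

```powershell
# Added example, not the post's own code. Audits the two safeguards the post
# emphasises: the MS08-067 hotfix and Windows Autorun being disabled.
# Assumption: MS08-067 corresponds to hotfix id KB958644 (not stated in the post).

$ms08067Kb = 'KB958644'

# 1. Is the MS08-067 hotfix present? Get-HotFix reads Win32_QuickFixEngineering.
$patch = Get-HotFix -Id $ms08067Kb -ErrorAction SilentlyContinue
if ($patch) {
    "OK   $ms08067Kb is installed (installed on $($patch.InstalledOn))"
} else {
    "WARN $ms08067Kb not found; the system is still exposed to the MS08-067 flaw"
}

# 2. Is Autorun disabled for every drive type? A value of 0xFF in
#    NoDriveTypeAutoRun turns Autorun off for all drive letters, which blocks
#    the autorun.inf propagation path described in the post.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$current = (Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

if ($current -eq 0xFF) {
    'OK   NoDriveTypeAutoRun = 0xFF (Autorun disabled on all drives)'
} else {
    $shown = if ($null -eq $current) { 'unset' } else { '0x{0:X}' -f $current }
    "WARN NoDriveTypeAutoRun is $shown; setting it to 0xFF"
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    'Done. Log off or reboot for Explorer to pick up the new policy.'
}
```

The registry change only takes effect for Explorer after a logoff or reboot, and on Windows XP this value was not honoured for every drive type until Microsoft's separate Autorun update (KB967715) was also installed, so re-run the script after patching rather than trusting the first green result.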

How to remove Conficker Virus / Worm

1. If your system is infected, the worm disables the update features of your current antivirus, anti-spyware, or whatever security software you've installed. It totally disabled my Spybot - Search & Destroy anti-spyware program. So, check your computer with one of the free online virus scanners on this link to make sure.

2. When I tested this infection in my sandbox, most antivirus software like Norton, McAfee, AVG, etc. never detected this worm; NOD32 detected it but couldn't remove it. The only software that successfully removed this worm was Malwarebytes' Anti-Malware.
Download it from here.

3. Restart your computer in Safe Mode. Empty your Recycle Bin. Disable the System Restore feature for the moment. Install Malwarebytes' Anti-Malware and run it a couple of times, deleting all the culprits each time. (This usually takes an hour or two.)

4. Remove all suspicious startup entries using Start -> Run -> msconfig.

5. Uninstall all the rogue software from 'Add/Remove Programs' in Windows.

6. Delete all suspicious autorun remnants manually.

7. Clear all the caches, cookies, etc. of your browsers.

8. Patch the system and change all your passwords at the next startup.
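Steps 4 and 6 above both come down to "look at everything that starts automatically and decide what doesn't belong". As an added example (not from the original post), the Windows PowerShell script below gathers those locations into one read-only listing: the Run/RunOnce registry keys that msconfig shows, the per-user and all-users Startup folders, and any autorun.inf sitting at a drive root, printed with its contents. It deletes nothing; the "<-- check" flag on entries launching from temp or profile directories is only a hint for the manual review. It assumes Windows PowerShell and is meant to be run from Safe Mode, as the post suggests.

```powershell
# Added example, not the post's own code. Read-only inventory of the startup
# locations the removal steps tell you to clean by hand. Nothing is deleted.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties PowerShell itself attaches to every registry item; not real values.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

'=== Registry startup entries (what msconfig shows) ==='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($p in $item.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        # Programs launched from temp or profile folders deserve a closer look;
        # legitimate startup entries normally live under Program Files or Windows.
        $flag = if ("$($p.Value)" -match '\\Temp\\|\\AppData\\|%TEMP%|Local Settings') { '  <-- check' } else { '' }
        '{0}\{1} = {2}{3}' -f $key, $p.Name, $p.Value, $flag
    }
}

'=== Startup folders ==='
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Force | ForEach-Object { $_.FullName }
    }
}

'=== autorun.inf files at drive roots ==='
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if (Test-Path $inf) {
        $attrs = (Get-Item -Path $inf -Force).Attributes
        "$inf  (attributes: $attrs)"
        # Show the file so the reviewer can see what it would launch before deleting it.
        Get-Content -Path $inf -ErrorAction SilentlyContinue | ForEach-Object { "    $_" }
    }
}
```

Compare the listing against a clean machine of the same build if you have one; a hidden autorun.inf at the root of the system drive or a removable disk, or a Run entry pointing into a temp directory, is exactly the kind of remnant step 6 tells you to delete by hand.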

And lastly, be very alert and vigilant, keep reading Microsoft's bulletins, and update your system in a timely manner.


Mac/Linux users, it's lame to cite Windows' vulnerabilities as your reason for using your systems.

Thank you for reading my post.
