Sunday, January 25, 2009

How to remove Conficker virus / worm

The Conficker worm (it is a worm, not a true virus, because it spreads on its own over the network) has already hit more than 9 million Windows machines around the world within a very short span of time, and the count is still growing. I don't want to repeat all the typical media boilerplate about 'this virus steals information, congests the network, blah blah blah'. Lots of reporters just create hype without knowing the real facts.



To make a long story short: on October 23rd, 2008, Microsoft released security bulletin MS08-067 for a critical vulnerability in the Windows Server service, reachable over RPC (TCP port 445) and rated critical because it allows remote code execution without any user interaction. MS08-067 was an out-of-band release (it did not wait for the next Patch Tuesday), which tells you how serious Microsoft considered it. As usual, working exploits followed the patch within weeks, and by late November 2008 Conficker was spreading by exploiting systems that had not installed the MS08-067 update. Later variants added two more ways in: guessing weak administrator passwords on network shares (ADMIN$) and copying themselves to removable drives with an autorun.inf, so a patched machine with a weak password or AutoRun enabled can still be infected. (Patch Tuesday is the second Tuesday of each month, when Microsoft releases its regular patches and updates; 'Exploit Wednesday' is the nickname for the days right after, when attackers compare the patched and unpatched binaries, find the vulnerability, and start writing code aimed at unguarded systems. A large share of users never install the updates Microsoft releases, and those are the machines that fall victim.)

Symptoms of Conficker

The worm itself is fairly quiet; most of what you notice is the damage it does to your defences and what it pulls in afterwards. Things to look for: the Windows Update (wuauserv), BITS, Windows Defender, Security Center and Error Reporting services stopped and disabled; antivirus and anti-spyware products that can no longer update; Microsoft and antivirus vendor web sites that will not load because the worm blocks DNS lookups for names containing strings such as 'microsoft', 'symantec', 'mcafee' or 'kaspersky'; domain accounts getting locked out because the worm is guessing passwords against network shares; an autorun.inf (padded with junk bytes so it looks like garbage in Notepad) and a hidden RECYCLER folder appearing on every USB stick that touches the machine; and system restore points deleted. According to antivirus companies, some variants also download rogue anti-virus and anti-spyware software that nags you to buy a 'cleaner' online; the extremely slow PC, flashy wallpapers, weird desktop icons, frequent pop-ups about infections and misdirected search results that the press describes mostly come from those secondary infections rather than from Conficker itself. One correction to what has been widely reported: Conficker does not spread by e-mail. It spreads over the network and via removable drives; e-mails with links to malicious sites are still worth treating with suspicion (see below), but that is general hygiene, not a Conficker vector.

How to safeguard against Conficker

1. Patch Windows immediately. Every supported version is affected: Windows 2000, XP, Server 2003, Vista and Server 2008 (Microsoft's bulletin also lists the Windows 7 pre-release builds; if you are on the beta, run Windows Update). Windows XP users can download the MS08-067 update from here; for any other version, check this link and download the corresponding update. After installing, confirm that the hotfix, KB958644, shows up under Add/Remove Programs with 'Show updates' ticked.

2. Disable the AutoRun feature of Windows, so that an infected USB stick cannot launch the worm just by being plugged in. Follow my old post here, and read one of my comments there, for the steps to disable AutoRun in Windows.



3. Update all your security software with the latest definitions and virus databases as soon as possible. If the updates suddenly fail, or the vendor's web site will not load, treat that as a symptom rather than a glitch.

4. Double-check any e-mails and IM messages with links that appear to come from friends, and confirm with them that they really sent it. A message that looks like it is from a friend is not necessarily genuine.

5. If you are not very familiar with viruses and worms, have a read of one of my old posts about the evolution of viruses and worms.
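As an added example that is not part of the original post: a PowerShell script (PowerShell 2.0 or later, run from an administrator prompt) covering steps 1 and 2 above. It checks whether the MS08-067 hotfix is present (KB958644 is the Knowledge Base number Microsoft assigned to MS08-067) and turns AutoRun off through the registry. The registry values used are the documented AutoRun controls: NoDriveTypeAutoRun set to 0xFF covers every drive type, and the IniFileMapping entry for Autorun.inf is a belt-and-braces measure that stops Explorer from parsing the file at all. The script does not download the patch for you; if it reports the hotfix missing, go and get it from the links above.

```powershell
# Added example, not from the original post: check for the MS08-067 fix and
# disable AutoRun as the post recommends. Run from an elevated PowerShell on
# XP / Server 2003 / Vista. KB958644 is the hotfix ID Microsoft gave MS08-067.

function Test-MS08067Patch {
    # Win32_QuickFixEngineering lists installed hotfixes by their KB number.
    $hotfix = Get-WmiObject -Class Win32_QuickFixEngineering |
        Where-Object { $_.HotFixID -match 'KB958644' }
    if ($hotfix) {
        Write-Host "MS08-067 (KB958644) is installed."
        return $true
    }
    Write-Warning "MS08-067 (KB958644) NOT found - install it before doing anything else."
    return $false
}

function Disable-AutoRun {
    # 0xFF in NoDriveTypeAutoRun disables AutoRun for every drive type
    # (removable, fixed, network, CD-ROM, RAM disk). Set it machine-wide and
    # for the current user so a per-user setting cannot override it.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }

    # Belt and braces: map autorun.inf to a non-existent INI section so Explorer
    # never reads the file at all, even where NoDriveTypeAutoRun is not honoured.
    $iniMap = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
    if (-not (Test-Path $iniMap)) { New-Item -Path $iniMap -Force | Out-Null }
    Set-ItemProperty -Path $iniMap -Name '(default)' -Value '@SYS:DoesNotExist'

    Write-Host "AutoRun disabled. Log off and back on (or reboot) for Explorer to pick it up."
}

Test-MS08067Patch | Out-Null
Disable-AutoRun
```

Two caveats. The hotfix check only sees updates installed as separate packages, so on a build that already ships with the fix integrated it will report it missing; in that case trust Windows Update, not the script. And the registry changes only take effect for Explorer sessions started after the change, hence the log-off note.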

How to remove Conficker Virus / Worm

1. If your system is infected, the worm disables the update feature of your current antivirus, anti-spyware, or whatever security software you have installed. It totally disabled my Spybot - Search & Destroy anti-spyware program. So check your computer with one of the free online virus scanners on this link to make sure. If the scanner's site will not load at all on the suspect machine, that in itself points to an infection, because the worm blocks the antivirus vendors' domains; in that case download the tool on a clean machine and carry it over on a freshly formatted USB stick, and assume that stick is infected once it has been in the suspect PC.

2. When I tested this infection in my sandbox, most of the antivirus programs like Norton, McAfee, AVG, etc. never detected this worm; NOD32 detected it but couldn't remove it. The only software that successfully tried to remove and removed this worm is Malwarebytes' Anti-Malware.
Download it from here.

3. Restart your computer in Safe Mode. Empty your Recycle Bin. Temporarily disable the System Restore feature (otherwise a copy of the worm sitting in a restore point can come straight back). Install Malwarebytes' Anti-Malware and run it a couple of times, deleting everything it finds each time. (This usually takes an hour or two.)

4. Remove all suspicious startup entries using Start -> Run -> msconfig (check both the Startup and the Services tabs; the worm registers itself as a service with a random name and runs inside svchost.exe).

5. Uninstall all the rogue software from 'Add/Remove Programs' in Windows.

6. Manually delete the autorun.inf files and hidden RECYCLER folders the worm leaves on the root of every drive and USB stick it has touched (turn on 'Show hidden files and folders' and untick 'Hide protected operating system files' in Folder Options first, or you will not see them).

7. Clear all the caches, cookies, etc. of your browsers.

8. Patch the system (MS08-067) and change all your passwords at the next startup. Include every local and domain administrator password: the worm carries a built-in list of common passwords and tries them against network shares, so anything like 'password', 'admin' or '123456' has to go, on every machine on the network, or the cleaned PC will simply be reinfected from its neighbours.

And lastly, stay alert and vigilant: keep reading Microsoft's security bulletins and update your system in a timely manner.
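As an added example, again not from the original post: a PowerShell triage script (PowerShell 2.0 or later, administrator prompt) that reports the artifacts the steps above tell you to hunt for by hand. It lists the services the worm is documented to disable, checks whether the vendor domains it blocks still resolve, reads every autorun.inf on the drive roots regardless of the junk padding and flags any open= or shellexecute= line that runs rundll32 or points into RECYCLER, notes a RECYCLER folder on removable drives (on an NTFS hard disk that folder is the normal XP recycle bin, so it is only reported on USB sticks), and lists scheduled 'at' jobs, which later variants use to relaunch themselves. The service names, registry-free checks and autorun.inf keywords are the documented ones; the host names in the DNS test are my own choice of examples. The script only reports: deleting is still your call, per steps 3 to 8.

```powershell
# Added example, not from the original post: a read-only triage for the things
# Conficker is documented to leave behind. Needs PowerShell 2.0+ and admin rights.

function Get-TamperedServices {
    # The worm stops and disables these so Windows can neither update nor defend itself.
    $watch = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'wscsvc'
    foreach ($name in $watch) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) { continue }      # not installed on this edition of Windows
        if ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running') {
            "TAMPERED?  {0,-9} StartMode={1} State={2}" -f $name, $svc.StartMode, $svc.State
        }
    }
}

function Test-VendorDns {
    # The worm hooks DNS so names containing vendor strings (microsoft, symantec,
    # mcafee, kaspersky, malware, ...) never resolve. Host names are my examples.
    $names = 'www.microsoft.com', 'update.microsoft.com', 'www.symantec.com', 'www.malwarebytes.org'
    foreach ($name in $names) {
        try   { [void][System.Net.Dns]::GetHostAddresses($name); "ok         $name" }
        catch { "BLOCKED?   $name (or this machine is simply offline)" }
    }
}

function Find-AutorunRemnants {
    # DriveType 2 = removable, 3 = local fixed. The worm pads autorun.inf with junk
    # bytes, but Explorer still honours an open=/shellexecute= line, which runs
    # rundll32 on a DLL hidden under RECYCLER\S-...\ on the same drive.
    $drives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 -or $_.DriveType -eq 3 }
    foreach ($d in $drives) {
        $root = $d.DeviceID + '\'
        $inf  = Join-Path $root 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            $text = [System.IO.File]::ReadAllText($inf)
            $hits = [regex]::Matches($text, '(?i)\b(open|shellexecute)\s*=\s*([^\r\n]+)')
            if ($hits.Count -eq 0) { "review     $inf (no launch line found, check by hand)" }
            foreach ($m in $hits) {
                $cmd = $m.Groups[2].Value.Trim()
                $tag = if ($cmd -match '(?i)rundll32|RECYCLER') { 'SUSPICIOUS' } else { 'review    ' }
                "{0} {1}: {2}={3}" -f $tag, $inf, $m.Groups[1].Value.ToLower(), $cmd
            }
        }
        # RECYCLER is normal on an NTFS hard disk, so only report it on removable media.
        if ($d.DriveType -eq 2) {
            Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer -and $_.Name -eq 'RECYCLER' } |
                ForEach-Object { "SUSPICIOUS $($_.FullName) on removable drive" }
        }
    }
}

function Get-AtJobs {
    # Later variants schedule 'at' jobs that relaunch the DLL via rundll32.
    # A clean machine answers "There are no entries in the list."
    $out = & at.exe 2>&1
    if ($out | Select-String 'no entries') { "ok         no scheduled at jobs" } else { $out }
}

Get-TamperedServices
Test-VendorDns
Find-AutorunRemnants
Get-AtJobs
```

Run it from Safe Mode with Networking if you want the DNS test to mean anything; without networking every name fails and the test tells you nothing. Anything tagged SUSPICIOUS or TAMPERED? is not proof on its own, but two or more hits together, on a machine that also cannot update its antivirus, is as close to a positive identification as you will get without a scanner that can see the worm.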


Mac/Linux users: it's lame to cite Windows' vulnerabilities as your reason for using your systems.

Thank you for reading my post.
