The Register reports that 3 in 10 windows PC are vulnerable to conficker attacks. Conficker removal tools are fortunately available for those whose computers have gotten the nasty worm. Here's an article on how to remove conficker virus.
The conficker computer worm, also known as downup, downandup and Kido first surfaced in 2008 but as of January 17,IBN Live reports that 6.5 million computers have already been infected by this virus. There is also link between conficker and rogue antivirus protection tools. In April 2009, PC world reported that conficker actually installs rogue anti virus protection programs. These softwares pretend to be legitimate security tools but are actually malwares. Examples of these include the rogue antivirus protection trial and antivirus center.*
The downadup worm also gathers personal information and installs malware into the infected computer. The downadup worm also attaches to several windows processes including svchost.exe, explorer.exe and services.exe. When the downadup or conficker worm is executed, the win 32 downadup virus may disable system processes in the compromised computer. Removing conficker virus should be done as soon as these symptoms appear in your computer.
Conficker virus removal
Because the conficker worm also spreads through portable storage devices such as USB drives, disabling your PC's autorun feature for external media is recommended. The following are conficker worm removal applications that you may want to check out:
Conficker Removers
Several Win32 conficker removal tools are now available. Check out the following downadup/conficker remover tool links:
Symantec W32.Downadup Removal Tool
F-SECURE Malware Removal Tool
Microsoft's Malicious Software Removal tool
Share this post on facebook or twitter to help your friends who have issues with the conficker virus.
Wednesday, January 21, 2009
How to Remove Conficker Virus
Labels: Internet security, new
Subscribe to:
Post Comments (Atom)
63 comments:
thanks for this informative post. never encountered that virus yet. hoping i will. :) so that i may apply what you have suggested.
What? You want your computer infected with this conficker computer virus?
I have this stupid virus and many of the "experts" are wrong - especially the ones who say that this worm is more or less harmless. This this is adapting and spreading even with all of the updates and security patches in place. I've done everything that they claim will protect and get rid of this thing and nothing works. I've almost resigned myself to the fact that I will have to strip my drive and reinstall everything. (It's a good thing I still use my old school smarts and keep my vital data on a different drive - the conficker seems to be confused by that one:))
Catalin,
Thanks for the link and information.
ZGuy,
Computer viruses are getting "smarter" and they do "evolve" to continue spreading and infecting more computers.
Other symptoms include modifications to DNS and TCP/IP configuration. Conficker will also open lots of un-authorized ports in your Firewall, so a good way to check is to have a gander at your 'Wall and see if there are ports open that shouldn't be.
This is probably, code-wise, one of the most advanced viruses in circulation. Spent 8 hours dissecting it yesterday on a honey-trap machine: incredible line architecture.
Hello , iam requesting yahoo to remove the fanbox from my pc, i dont like this groups and also nasty attitude , they dont opinion they talk about peep , and i want this fanbox out from my pc , can someone help , Daisy
I can't click the download button. Well, I can click it, but it says "Connection to the server has stopped". (Using Firefox). Is there another way? BTW, It won't let me access the Microsoft website, or any virus-curing type site. Is this that virus?
"Connection Interrupted.The connection to the server was reset while the page was loading. The network link was interrupted while negotiating a connection. Please try again." Is what comes up when I try to click it (both before and after). I Can't access the other sites either. They both say the same thing. Actually, I CAN access the microsoft link, but when I go to download it, it says the message up above. Plus, sites just pop up whenever I try to do links, so I have to copy and paste the site names into the url at the top.
See if you can copy and paste this:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe
It's not that the link didn't work for that, It just gave me the error message. BTW, I just tried to copy and paste that and It didn't work. Got the same message again. Wait, would I be able to download it off a different computer, use my Flash Drive (which doesn't have the virus on it, I haven't used it in a while), and put it on this one? Then just run an avg check or something on my drive? (Speaking of AVG, It won't let me update it.)
Please try to read this: http://busaustralia.com/forum/viewtopic.php?f=28&t=38241
It might help
Wow, thanks Rhodilee, it worked. I can download it now, much appreciated.
You are welcome Mikey :-)
I just wonder which of the virus removal processes mentioned in that forum you used to remove the conficker virus...
The one where you turn off the device driver.
Thanks for the info Mikey.
Reposting here the process from Bus Australia:
Go to
Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Search for “TDSSserv.sys”
Right click on it, and select “Disable”
If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit softwares
Hey Guys we have a virus like that conficker etc. any worm virus but my anti-virus can remove all that shit worm, they said its made it from a rusian developer who knows guys,just email me d.vallesfin@gmail.com
This is ZeR0C0L from cebu philipines
Dont worry about that all worm virus in our company we are also infected on that virus any worm, even though you have AVG,Node32 can't remove some of that worm because this is a new virus, guys as i said we have an anti-virus on that if your data is very important its already infected on that worm i can help you. just mail me. d.vallesfin@gmail.com
Dandan,
The conficker computer virus infection is from a "rusian developer"? Hmmmm... Microsoft is reportedly awarding 250,000 dollars to anyone who will give them info about whoever made this annoying computer virus...
My company has over more then 500 computers now infected with the virus. LOVELY!
i can fix this
i can fix this, i have found a solution!
Hi All, I write step by step how to remove this Worm in my Blog.. http://www.gokhiel.com/2009/02/how-to-remove-eliminate-conficker-worm.html
Hi. Here is a writeup on Step by Step removing the Conficker virus from multiple PC's.
http://blog.sekiur.com/2009/02/step-by-step-in-dealing-with-conficker/
If the virus is so prevalent and still growing relatively quickly, where are the recent numbers talking about how many computers are infected? If it was 10 million in January after a couple weeks, is it now 100 million? More? Less? Where are the stats?
And I know there are probably a lot of hard-core Windows users who will complain to me, but have you guys considered Linux or Macs? The lack of viruses should be more than enough incentive. If anyone is afraid about money, Linux is free. If anyone is afraid about ease-of-use, Macs are easier than PCs with Windows. I know from experience. And they're not really so expensive. You can get a decent Mac Mini for about the same price as an HP Slimline with similar specs, and lots of Mac software is way less expensive than the Windows versions.
I have similar topic with your blog, do you get shit loads of spam? I hate those spam that clutter my blog!
[...] Microsoft provides a conflicker removal tool, the Malicious Software Removal tool (MSRT). Links for this conflicker remover and more information about the conflicker are available in this link. You can also read this post: How to remove conficker virus [...]
they have found a way 2 stop the virus it on a sweetish web site it in latin (i under stand it )
they have found a way 2 stop the virus it on a sweetish web site it in latin
(i under stand it )
hope u people do
I am hearing rumors that this virus is set to do more damage on april fools day. I didn't think it needed a special day to ruin one (it didn't need a special occasion to ruin mine:)). Has anyone else heard the rumors? Have any of you who have taken it apart found anything like that in it's code? Just wondering.
[...] say that it hasn’t resulted in much damage and that its impact is primarily http://blogs.wsj.comHow to Remove Conficker VirusThis article is about removing the conficker/ downadup virus The conficker computer worm, also known [...]
[...] Removing conficker virus Conficker Protection and Removal Related PostsHow to Remove Conficker VirusThis article is about removing the conficker/ downadup virus The conficker computer worm, also kn...New Google feature to predict tomorrow’s eventsGoogle Australia announced a new Google feature called the gday which can predict news events, sport...Conflicker Virus: Protection and RemovalHow to Protect Your PC from Conflicker Virus Among the things that you can do to protect your com...How to avoid getting a yahoo messenger virusPreventing Viruses on USB DrivesCantalktech.com is an internet security website that provides spam filtering and spam prevention information. It also provides computer anti virus protection articles and virus removal tips. Written by Rhodilee [...]
hiks2.. that viruses attacking me this past few weeks and i got to change my internet antivirus on linux. hope this removal work out. thanks.. :(
[...] [1] How to Remove Conficker Virus [2] CITES :: Conficker Virus [3] Conficker - Wikipedia, the free encyclopedia [4] More details on [...]
yah that is onE of the symptoms that u are indeed infected by Conficker worm.
now in order to remove the conficker to ur pc u need to
use another pc which is not infected and download the patch
from any free pc scanning websites.
Tried to disable the driver, still can't update or install anything. Does the microsoft remover or the one link from the austrialian bus work? if so i'll try to get them from another computer via email or flash drive
You can follow these step by step guides to remove conficker, works 100%
http://www.livecrunch.com/2009/03/31/tips-and-tricks-how-to-remove-conficker-worm/
this conficker virus seems to be really getting out of hand. i still cant work out how to get it off properly anything that Microsoft and other security sites tell you to do don't really work.. i have tried a system restore, so that i can at least install the security patches.. and its letting me do that. but i would suggest just to format and reload windows.. its the best way to get rid of any virus's... and its probably gonna be easier to do it like that anyway
Conficker will be easy to track to the origin of owner... just have alot of anti-virus on your computer, when you get the virus open up an op tracer or any hacking tool such as Backtrack or IP-Tool.. when you do that, scan your computer with the anti virus and some boxes should pop up with either ip addresses or proxys, go into your IP-Tools and click on Tracer, enter the ip's/proxys in the tracer and scan, if it is a proxy you might have to do some more advanced hacking
I believe I may have this problem. I can't access the msn website and all anti-virus sites. Tried the link you furnished and I also get the same result - Page Load Error. I am a bit worried about its impact on my online transactions. Will this virus compromise the security of my online banking transactions and my PayPal account?
can you please mail me the patch or post another link that targets a different location other than those links that locate to anti-virus websites, because maybe you know that computers infected with this worm cannot access the sites provided above...
thanks
does it stay off of partitioned/virtual drives????????
You likely have the conficker virus if you can't access the removal tools and the antivirus sites. Read this post on how to get rid of the conficker virus IF you can't access the removal links: http://cantalktech.com/2009/04/01/infected-conficker-virus/
ifd anyone need the fix, and can't access antivirus websites
http://www.slingfile.com/info-92127532694144132036186344914919824b869c00f3e252.html#mail_info
ops sorry
http://www.slingfile.com/file/37828-3093122491.html
I have the conficker worm on my computer. I have downloaded all the tools but nothing seems to work. I tried Symantecs in safe mode, didnt find anything. The Microsoft Malicious software tool says I need administrator rights (I am logging in as admin...conficker has affected my admin I am assuming). I tried F-Secure's, Trend Micro Damage Cleanup Engine, BD rem tool but none of them pick up anything. I do know I have it as I can't get to the sites needed or download them and it appears it has taken over admin on me. Any suggestions?
wel atually there is a way to solve ur problem.
now dont use any GUI baSe conflicker remover software because it will just automatically close by the worm instead use a command prompt style conflicker remover such as "conflicker memory disinfecter" now upon using this software you need to unplug ur computer from the internet or in a network and when scanning is complete it recommends u to restart, restart ur computer. when ur computer finish reStarting u are not finish yet instead plug ur computer in the internet now try to surf the microsoft website and if u can successfully view it. u are now 80% success cleaning ur computer from conflicker. now the last step that u will do is to install latest antivirus software such as nod32 team it up with super antispyware for more instense protection and USB security disk for flash drive. thats ol i hope it can help solve ur problem..tc
I have a problem, as well. (I wouldn't be posting otherwise.) I am pretty sure that I got the Conflicker Virus, but I can't use the programs or view the websites. Heck, I can't even boot up! I turn on my computer, it tries to boot windows, then it says that it couldn't. Then, it asks if I would like to run Windows Startup Repair. I hit enter, (yes), and it tries to run that. It fails, goes to a blue screen, then either turns off or resets. When I say that I want to start Windows normally, it says "Windows is loading files..." with a loading bar beneath it. When it gets to a certain point in loading, it stops and starts over. I then have to turn the machine off. I don't know what to do about this, but I want to do something, myself, first. Before I take it to a professional, that is. Thanks for any help that you can give me!!!
- ZackCopy
i believe that i have the virus. i first noticed it when i plug my usb in to my laptop and the autorun had been edited to fun a file it created in the recycle folder. i successfully removed all evidence of these files and folders but i cant run my anti virus software (paid version of AVG 8) plus now when ever i run photoshop my memory dumps every time. i have tried all the downloads but i still have the problem another thing is that this same thing happened to all my computers at home. i managed to open the file in text to check out its code. ignoring all the funny characters at th etop this is what i was left with "KERNEL32.DLL CreateTapePartition GetComputerNameA CloseHandle SetDefaultCommConfigA VirtualProtect DisableThreadLibraryCalls CreateFileA RtlZeroMemory GetShortPathNameA ExitProcess InitAtomTable BeginUpdateResourceA GetOEMCP CreatePipe GetFileAttributesExA ReadConsoleOutputW FreeLibrary WriteFile SetUnhandledExceptionFilter AllocConsole CreateFileW GetProfileIntA ReadFile GetThreadPriority ConvertDefaultLocale ADVAPI32.DLL AccessCheckAndAuditAlarmW SetFileSecurityW SetNamedSecurityInfoW CryptEnumProviderTypesW CryptContextAddRef GetKernelObjectSecurity GetMultipleTrusteeOperationA SetEntriesInAuditListA BuildExplicitAccessWithNameA GetLengthSid ConvertSecurityDescriptorToAccessW GetTrusteeTypeA LogonUserW"
my kernall32 file looks very messed up and was wondering if i download kernall32 file weather that could stuff my laptop up any further?
any advice and getting this virus out of my machine would be handy.
if i back up onto disks only the files i want eg music, vidoes, pictures and documents and then format the harddrive would this fix it?
what is ever 1 talk about
[...] Additionally, the conficker worm virus reportedly shows hints on how it will be used by its creators to earn money. Researchers at Kaspersky Labs say that the conflicker worm virus downloads the fake security scanner Spyware Protect 2009 into conficker infected PCs in a bid to earn money from people looking for computer infection solution. The Spyware Protect 2009 rogue antivirus is advertised through pop up advertisements. There are free conficker removal tools however that you can use for conficker worm removal. You can check out this article on free Conficker removal programs. [...]
Okay i have this annoying pop up. It says Windows security center and how i need to do such and such. I used the link to remove the dreaded Conficker Virus. But the toll said I am not infected with it. So what is wrong with my computer any help please.
Edit: It also appears as Internet Antivirus Pro
Never mind i figured it out i have Internet Antivirus Pro.
someone i know just got a new comp and got infected before they could update security. Will reinstalling system to factory remove conficker? They don't have any files to save so nothing needs to be backed up.
I believe I have the virus and every link I try to use to remove the virus will not work. I cannot access any of my antivirus stuff. I need help. I am not computer savvy enough to figure this out!
hmm well i had one of the conflickers and i couldnt system restore couldnt open microsoft office cause i wasnt admin so this virus i had lost my rights
the only one thing to do is format or revoer data loss :P
I completely agree with you, Santiago. I'm in the Point of Sale industry and I've had seven of my stores attacked by this virus. Currently installing a new store set to open tomorrow and my entire network of 15 systems will have to be reloaded if I can't find a cure within the hour. Let's hope this bastard trips and breaks his neck getting out of his car.
doesn't anybody realize that its all in the plan of Microsoft???
my theories...
1. how did they know that its gonna be lunch on april 1st..?
2. how did they cracked its so easily upon the lunch of the virus..?
3. or they were the one who spreads the virus...HELLO???? new anti virus = New PAyment....
okay people help me out here .. my fiance is IT Manager for a huge company ... infected with this Conficker crap ... nothing is working .. the steps do not work on his servers .. does anyone have any idea what to do .. ? If this doesnt get fixed he wont be home for christmas .. :(.
To Jennifer C,
Had the same problem and the only "fast acting" tool that
worked for me was the "Sophos Conficker Removal Tool"
available for free download, my have to sign up, can't
recall...But it worked like a charm. The other tools
including McAfee did not work. AVG's Corporate version
of their antivirus works extremely well...Just my humble
two cents....Cheers
....Additionally, very important that the machines
are properly patched and updated. Otherwise, you
will have to try additional tools from ESET, F-SECURE,
SYMANTEC and of course, SOPHOS...
Webroot Security immediately got rid of it. I tried malwarebytes, and other methods of trying to fix this problem & nothing. Just google webroot & download the trial. It's worth subscribing to. AND this will NOT be blocked, many of the tool removal sites are blocked due to the virus.
@chester0326:
Where can find this command prompt based "conflicker memory disinfecter" tool that you mentioned??
Post a Comment