Home | Lifestyle | Pets & Animals | Worms | Conficker Worm Removal

Conficker Worm Removal

by Jenn Foreacre

  • Overview

    Conficker is a malicious computer worm that targets computers running Windows operating systems. It makes use of your computer and network resources to replicate itself and damage its host. In its active state, Conficker disables core system services, including Windows Security Center, Windows Defender and Windows Error Reporting. It connects to an external server and downloads additional malware to the infected computer. Conficker spreads easily and can severely damage or corrupt operating systems. Fortunately, it can be detected and removed.

  • Security Scan

    Configure your security software to scan all drives, folders and removable drives and devices on your computer. Run a complete scan, then re-run it to make sure the software has not missed anything. Any detected worm files should be immediately quarantined, deactivated and deleted.
 

  • Update Windows

    Run Windows Update to make sure that you have the latest patches, fixes and security options in place. Windows Update should be run periodically, and it should be run any time you suspect a virus.

  • Network Blocklist

    If you manage a network, configure a blocklist to prevent Conficker from accessing networked computers and devices, and accessing the Internet.

  • Disable Autorun

    Disable Autorun upon the connection of an external device or insertion of a CD-ROM or DVD-ROM. Disabling Autorun will prevent automatic attacks from being launched from external sources that may have been infected. Microsoft's support website has Autorun-disabling updates specific to every version of Windows.

  • Manually Check Folders

    Manually check folders for any leftover copies or fragments of Conficker. Conficker copies itself to these locations: %all shared folders% \RECYCLER\S-%number%\%random character string%.vmx %ProgramFiles%\Internet Explorer\%random character string%.dll %ProgramFiles%\Movie Maker\%random character string%.dll %SYSDIR%\%random character string%.dll %TEMPDIR%\%random character string%.dll %ALLUSERSPROFILE%\Application Data\%random character string%.dll %SYSDIR%\%two-digit random character string%.TMP Delete any instances of these files.

    References & Resources

       
       
     
     

    Popular Topics