How To Remove W32/Conficker Worm?
March 31, 2009
W32/Conficker worm is a computer worm/virus that spreads itself by attempting to make numerous connections to computers across the network, seeking systems that do not have the latest security updates, or that have open shares, removable media or weak passwords. W32/Conficker.worm is a virus that exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.
The following variants of this worm have been reported so far:
W32/Conficker.A – This exploits the Server Service on Windows computers: an already-infected source computer uses a specially crafted remote procedure call request to force a buffer overflow and execute shellcode on the target computer. On the source computer, the worm runs an HTTP server on a port between 1024 and 10000. The target shellcode connects back to this HTTP server to download a copy of the worm in DLL form, which it then runs as a service via svchost.exe.
W32/Conficker.B – This variant can remotely execute copies of itself through the ADMIN$ share on computers visible over NetBIOS. If the share is password-protected, it will attempt a brute force attack, thereby generating large amounts of network traffic.
W32/Conficker.C – This variant places a copy of itself on any attached removable media (such as USB flash drives), from which it can then infect new hosts through the Windows AutoRun mechanism. Earlier we saw how to remove AutoRun Virus. This is another instance where we find that disabling AutoRun.inf for external media would have helped.
W32/Conficker.D – This is a recently detected variant that disables services like WerSvc, ERSvc, BITS, wuauserv, WinDefend and wscsvc. It also deletes the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot to disable restarting in safe mode.
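The variant D symptoms above can be checked on a host with a short read-only script. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later in an elevated session, and the variable names are illustrative.

```powershell
# Added example: read-only triage for the W32/Conficker.D symptoms listed above.
# It changes nothing on the host; it only reports what it finds.

# Service names taken from the variant D description on this page.
$serviceNames = 'WerSvc', 'ERSvc', 'BITS', 'wuauserv', 'WinDefend', 'wscsvc'

# Registry key the page says variant D deletes to block safe mode.
$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

$findings = @(foreach ($name in $serviceNames) {
    # Win32_Service exposes the configured start mode and the current state.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue

    if (-not $svc) {
        # Not every service exists on every Windows version (ERSvc and WerSvc
        # are error reporting services from different Windows generations),
        # so a missing service is reported but not flagged.
        [pscustomobject]@{ Check = "Service $name"; Status = 'NotInstalled'; Suspicious = $false }
    }
    else {
        # A disabled service is a reason to investigate, not proof of infection:
        # an administrator may have disabled it on purpose.
        [pscustomobject]@{
            Check      = "Service $name"
            Status     = "$($svc.StartMode)/$($svc.State)"
            Suspicious = ($svc.StartMode -eq 'Disabled')
        }
    }
})

# A healthy system has the SafeBoot key with Minimal and Network subkeys.
foreach ($sub in '', '\Minimal', '\Network') {
    $present = Test-Path -Path ($safeBootKey + $sub)
    $status  = if ($present) { 'Present' } else { 'Missing' }
    $findings += [pscustomobject]@{
        Check      = "Registry SafeBoot$sub"
        Status     = $status
        Suspicious = (-not $present)
    }
}

$findings | Format-Table -AutoSize

$hits = @($findings | Where-Object { $_.Suspicious })
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) check(s) match the variant D symptoms; scan this host with updated antivirus."
}
```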
Removal Of W32/Conficker Worm:
The following are the symptoms of the W32/Conficker worm:
Users being locked out of directory
Access to admin shares denied
Scheduled tasks being created
Slow response of Domain Controllers to Client Requests
Access to security related web sites is blocked
The Conficker worm disables important services on your computer including Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and error reporting services. Most antivirus software can detect and block the Conficker worm if you have an updated version of the antivirus software on your computer. If you don't have antivirus software installed, you can download AVG 8.5 and remove the worm with an on-demand scan. You can also try downloading Avast Antivirus 4.8.
If your computer is infected with the Conficker worm, you may be unable to download certain Microsoft security products, such as the Microsoft Malicious Software Removal Tool, or to access certain Web sites, such as Microsoft Update. If you cannot access those tools, you can run a free PC scan using Windows Live OneCare Safety Scanner.
Remove W32/Conficker and ensure a secure computer network.