How to remove Conficker B++
Tuesday, February 24th, 2009 at 1:11 am
Conficker B++ description
Conficker B++, a.k.a. Conficker B, is a new version of the infamous Conficker worm. While the earlier version of Conficker was able to connect an infected machine to a botnet, Conficker B++ is even more dangerous than that.
Conficker B disables some Windows applications, including the Security Center service, Automatic Updates and Windows Defender. The worm also tricks anti-spyware and anti-virus tools in order to stay undetected. Conficker B++ makes a computer accessible for remote attacks. Conficker may also download additional malware such as trojans and keyloggers.
The latest version of this worm is the most dangerous. It is set to receive certain instructions on April 1st. Should you be concerned? Follow this link to learn more and to remove Conficker.C.
How to manually remove Conficker B++
To remove the Conficker B++ spyware you must block Conficker B++ sites, stop and remove processes, unregister DLL files, and search for and delete all other Conficker B++ files and registry entries. Follow the Conficker B++ detection and removal instructions below.
The most typical software removal method is to remove Conficker B++ by using the "Add or Remove Programs" service. However, there may be hidden Conficker B++ files, running processes and registry entries on your computer, so Conficker B++ may recreate all other files after reboot.
Conficker B++ manual removal instructions
Block Conficker B++ sites:
Stop and remove Conficker B++ processes:
svchost.exe
explorer.exe
services.exe
Locate and delete Conficker B++ registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\"ServiceDll" = "Path to worm"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"TcpNumConnections" = dword:0x00FFFFFE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
DisplayName = %ServiceName%
Type = dword:00000020
Start = dword:00000002
ErrorControl = dword:00000000
ImagePath = "%SystemRoot%\system32\svchost.exe -k netsvcs"
ObjectName = "LocalSystem"
Description = %description%
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random]\Parameters
ServiceDll = %MalwarePath%
Detect and delete other Conficker B++ files:
%Temp%\[RANDOM].dll
%Program Files%\Movie Maker\[RANDOM].dll
services.exe
%System%\[RANDOM].tmp
%All Users Application Data%\[RANDOM].dll
%Program Files%\Internet Explorer\[RANDOM].dll
explorer.exe
%Temp%\[RANDOM].tmp
%System%\[RANDOM].dll
svchost.exe
We strongly recommend that you use a spyware remover to track Conficker B++ and automatically remove Conficker B++ processes, registry entries and files, as well as other spyware threats.
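The registry and file indicators listed above can be checked without changing anything on the machine. The PowerShell function below is an added example, not part of the original article; the function name and the mapping of the page's %Temp%, %Program Files% and %All Users Application Data% placeholders to environment variables are assumptions. Anything it reports is a lead to review, not proof of infection.

```powershell
# Added example: read-only audit of the registry indicators listed on this page.
# Function name and directory mapping are assumptions, not from the original page.
function Get-ConfickerRegistryIndicator {
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    # Locations the page lists for dropped DLLs, mapped to environment variables.
    $dropDirs = @(
        $env:TEMP, "$env:SystemRoot\Temp", $env:ALLUSERSPROFILE,
        "$env:ProgramFiles\Movie Maker", "$env:ProgramFiles\Internet Explorer"
    ) | Where-Object { $_ }

    foreach ($key in Get-ChildItem -LiteralPath $services -ErrorAction SilentlyContinue) {
        $svc = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        # Only services hosted as "svchost.exe -k netsvcs" match the page's pattern.
        if ($svc.ImagePath -notmatch 'svchost\.exe\s+-k\s+netsvcs') { continue }
        $params = Get-ItemProperty -LiteralPath "$($key.PSPath)\Parameters" -ErrorAction SilentlyContinue
        $dll = $params.ServiceDll
        $reason = $null
        if (-not $dll) {
            # A netsvcs service whose Parameters key cannot be read is worth a manual look.
            $reason = 'Parameters\ServiceDll missing or not readable'
        } elseif (-not (Test-Path -LiteralPath $dll)) {
            $reason = 'ServiceDll file not found on disk'
        } else {
            foreach ($dir in $dropDirs) {
                if ($dll.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $reason = "ServiceDll under $dir" }
            }
        }
        if ($reason) {
            [pscustomobject]@{ Check = "Service $($key.PSChildName)"; Value = $dll; Reason = $reason }
        }
    }

    $tcp = Get-ItemProperty -LiteralPath "$services\Tcpip\Parameters" -ErrorAction SilentlyContinue
    if ($tcp.TcpNumConnections -eq 0x00FFFFFE) {
        [pscustomobject]@{ Check = 'Tcpip\Parameters TcpNumConnections'; Value = '0x00FFFFFE'; Reason = 'Matches value listed above' }
    }
    $showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL'
    $hidden = Get-ItemProperty -LiteralPath $showAll -ErrorAction SilentlyContinue
    if ($null -ne $hidden.CheckedValue -and $hidden.CheckedValue -eq 0) {
        [pscustomobject]@{ Check = 'SHOWALL CheckedValue'; Value = 0; Reason = 'Matches value listed above' }
    }
}

Get-ConfickerRegistryIndicator | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session that matches the operating system's bitness, so the Services and SOFTWARE keys are read directly rather than through registry redirection.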


March 26th, 2010 at 5:40 am
I have Microsoft Sec. Essentials and it gets the worm and removes but the PC runs slow again so I got the worm again. It keeps going around in circles. I hope this gets rid of it altogether. Thank you Carol
June 12th, 2010 at 12:35 am
The worm is extremely difficult to handle and remove. I hope with this program I will be able to remove it permanently.