How to remove Conficker

Monday, January 26th, 2009 at 6:16 am

Conficker description

The Conficker worm (also known as the Downadup worm) is a very widespread infection. It is very dangerous: it performs many harmful actions and even joins the infected machine to a botnet.

Conficker (a.k.a. Downadup) spreads mainly via the MS08-067 Windows vulnerability. Download and install the latest Windows updates to avoid the infection. However, Conficker/Downadup also infects computers via removable media and network shares.

A Conficker infection is easy to recognize. The compromised machine runs really slowly and security-related websites don't load. Conficker prevents victims from downloading new security programs or updating old ones. It abuses the legitimate svchost.exe file, which may cause system errors relating to svchost.exe. The worm is also capable of erasing all the System Restore points.

Remove Conficker/Downadup as soon as possible. The worm makes it difficult to use a computer. The compromised machine might be used for sending spam and other malicious activities.

The latest version of this worm is the most dangerous. It is set to receive certain instructions on April 1st. Follow this link to remove Conficker.C.

How to manually remove Conficker

To remove Conficker you must block Conficker sites, stop and remove its processes, unregister its DLL files, and find and delete all other Conficker files and registry entries. Follow the Conficker detection and removal instructions below.

The most typical software removal method is the "Add or Remove Programs" service. However, there may be hidden Conficker files, running processes and registry entries on your computer, so Conficker may recreate all of its other files after a reboot.

Conficker manual removal instructions

Block Conficker sites:
Read more about how to block Conficker sites

Locate and delete Conficker registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\"ServiceDll" = "Path to worm"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpNumConnections" = dword:0x00FFFFFE
Read more about how to delete Conficker registry entries

Detect and delete other Conficker files:
%System%\[Random].dll
%Program Files%\Internet Explorer\[Random].dll
%Program Files%\Movie Maker\[Random].dll
%All Users Application Data%\[Random].dll
%Temp%\[Random].dll
%System%\[Random].tmp
%Temp%\[Random].tmp
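
The registry entries listed above can be checked offline against a saved dump of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s`. The Python below is an added example, not part of the original instructions; the sample dump, the service name xkqpvw, the DLL name bqnrtz.dll and the analyst-supplied known_good baseline are constructed for illustration.

```python
import re

# Constructed sample laid out like `reg query HKLM\SYSTEM\CurrentControlSet\Services /s`
# output. The service "xkqpvw" and the DLL "bqnrtz.dll" are made-up placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\wuaueng.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkqpvw
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkqpvw\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Program Files\Movie Maker\bqnrtz.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    TcpNumConnections    REG_DWORD    0xfffffe
"""

SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"
VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse(text):
    """Return {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1).lower()] = m.group(3).strip()
    return keys

def findings(text, known_good=frozenset()):
    """List netsvcs services outside the baseline, plus the TCP setting the page names."""
    keys, out = parse(text), []
    for path, values in keys.items():
        if not (path.startswith(SERVICES) and path.endswith("\\parameters")):
            continue
        service = path[len(SERVICES):-len("\\parameters")]
        image = keys.get(SERVICES + service, {}).get("imagepath", "").lower()
        dll = values.get("servicedll")
        # Legitimate services share this ImagePath, so only the baseline separates them.
        if dll and "svchost.exe -k netsvcs" in image and service not in known_good:
            out.append(("service", service, dll))
    tcp = keys.get(SERVICES + "tcpip\\parameters", {}).get("tcpnumconnections")
    if tcp is not None and int(tcp, 16) == 0x00FFFFFE:
        out.append(("tcpip", "TcpNumConnections", tcp))
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE, known_good={"wuauserv"}):
        print(item)
```

Without a baseline every svchost-hosted netsvcs service is listed, so compare the ServiceDll paths that remain against the file locations given above before deleting anything.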

We strongly recommend that you use a spyware remover to track Conficker and automatically remove Conficker processes, registry entries and files, as well as other spyware threats.

