How to remove Conficker.C
Tuesday, March 31st, 2009 at 4:00 am
The Conficker worm and the trouble it brings have made headlines everywhere. What is so dangerous about Conficker/Downadup/Kido, and why does this malware get so much attention? What happened on April 1st?
The Conficker worm disables security applications and blocks many security-related websites. This feature alone is quite dangerous because a compromised machine becomes vulnerable to various cyber attacks. However, the main goal of the worm is to join computers into a giant botnet. Since a machine infected with Conficker is unprotected, it can be infected with other malware. This can lead to stolen information and other problems. Zombie networks are usually employed to do different jobs: they might be used to send spam, to carry out DDoS attacks and to cause similar trouble. Once a computer is infected with Downadup a.k.a. Conficker, it can be used for all of these things at any time.
The Conficker worm is detected as Kido or Downadup by some security tools. The malware appeared on the internet in November 2008; there are three different versions of Conficker at the moment. They are named Conficker, Conficker B (a.k.a. Conficker B++) and Conficker.C (a.k.a. W32.Downadup.C). The second variant is the most widespread; the worms have infected 1-2 million PCs so far. While analyzing the code and patterns of Conficker.C, security experts found that the worm is set to receive specific remote instructions on April 1st 2009. The third version of this malware is not common, but it is as dangerous as the previous ones. Although no one could tell what Conficker.C was going to do on April 1st, the worm can receive instructions on any other day too. In other words, Conficker.C was just as dangerous on April 1st as it is on any other day.
Many websites speculated about the situation, spreading misleading information about Conficker.C and its actions on April 1st. Your computer can only be affected by Conficker if it is already infected by this worm. You do not need to keep your machine turned off, you don't have to change your computer's date settings, and there is no need to worry about some mysterious virus attack.
Conficker works secretly in the background, but you can suspect an infection when you can't access security-related websites and can't launch security tools.
Get rid of Conficker.C
How to manually remove Conficker.C
To remove Conficker.C you must block Conficker.C sites, stop and remove its processes, unregister its DLL files, and search for and delete all other Conficker.C files and registry entries. Follow the Conficker.C detection and removal instructions below.
The most typical software removal method is to remove Conficker.C by using the "Add or Remove Programs" service. However, there may be hidden Conficker.C files, running processes and registry entries on your computer, so Conficker.C may recreate all its other files after a reboot.
Conficker.C manual removal instructions
Locate and delete Conficker.C registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "rundll32.exe "[RANDOM DLL FILE NAME]", [RANDOM PARAMETER STRING]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\"ImagePath" = %System%\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\Parameters\"ServiceDll" = "[PATH TO SECURITY RISK]"
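The three registry patterns above can be checked offline against `reg export` output; the following Python sketch is an added example, not part of the original article or any vendor tool. Legitimate Windows services also use the `svchost.exe -k netsvcs` ImagePath with a ServiceDll, so hits are leads for manual review. The function names, the `baseline` parameter (service names taken from a known-clean machine) and the sample key names and DLL path are assumptions made for illustration.

```python
import re

def hex2(text):  # encode as `reg export` writes REG_EXPAND_SZ (UTF-16LE, NUL-terminated)
    return "hex(2):" + ",".join(f"{b:02x}" for b in (text + "\0").encode("utf-16-le"))

def parse_reg(text):
    """Parse `reg export` text into {key_path: {value_name: decoded_data}}."""
    keys, cur = {}, None
    for line in map(str.strip, text.replace("\\\n", "").splitlines()):  # join continuations
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and m:
            name, raw = m.groups()
            if raw.startswith("hex(2):"):  # REG_EXPAND_SZ: UTF-16LE bytes
                raw = bytes.fromhex(re.sub(r"[,\s]", "", raw[7:])).decode("utf-16-le").rstrip("\0")
            elif raw.startswith('"'):  # REG_SZ: undo \" and \\ escaping
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
            cur[name] = raw
    return keys

def candidates(keys, baseline=()):
    """Entries shaped like the three registry patterns above; leads for manual review."""
    hits = []
    for path, vals in keys.items():
        svc = re.search(r"\\CurrentControlSet\\Services\\([^\\]+)\\Parameters$", path, re.I)
        if path.lower().endswith(r"\currentversion\run"):
            hits += [("run", n, d) for n, d in vals.items()
                     if re.search(r'rundll32(\.exe)?"?\s', d, re.I)]
        elif svc and "ServiceDll" in vals and svc.group(1).lower() not in baseline:
            image = keys.get(path[:-len(r"\Parameters")], {}).get("ImagePath", "")
            if re.search(r"svchost(\.exe)?\s+-k\s+netsvcs", image, re.I):
                hits.append(("service", svc.group(1), vals["ServiceDll"]))
    return hits

# Constructed sample: the random-looking names and the DLL path are made up.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"qwmzkt"="rundll32.exe \"C:\\WINDOWS\\system32\\xkqpdv.dll\",jrtwq"',
    r'"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"', "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bvxtrn]",
    '"ImagePath"=' + hex2(r"%SystemRoot%\system32\svchost.exe -k netsvcs"), "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bvxtrn\Parameters]",
    '"ServiceDll"=' + hex2(r"C:\WINDOWS\system32\xkqpdv.dll")])

if __name__ == "__main__":
    print(*candidates(parse_reg(SAMPLE)), sep="\n")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.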
We strongly recommend that you use a spyware remover to track Conficker.C and automatically remove Conficker.C processes, registry entries and files, as well as other spyware threats.
- Remove Conficker worm, Downadup removal
- Remove Conficker B++ worm, Conficker B removal
- W32.Downadup.C removal, remove Conficker worm
- Conficker.E worm removal, delete Conficker-E