The Register reports that 3 in 10 windows PC are vulnerable to conficker attacks.This conficker remove article is about removing the conficker/ downadup virus and the relationship between conflicker and fake anti virus protection softwares. This conficker repair post will also provide you information on conficker virus removal tools that are available.
Downad / conficker symptoms
The conficker computer worm, also known as downup, downandup and Kido first surfaced in 2008 but as of January 17,IBN Live reports that 6.5 million computers have already been infected by this virus. When the downadup or conficker worm is executed in a PC, win 32 downadup virus disables systems such as the Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.
Conficker and fake anti virus protection softwares
It is also reported that there is a link between conficker and rogue antivirus protection tools. In April 2009, PC world reported that conficker actually installs rogue anti virus protection programs. These bogus pc security tools pretend to be legitimate security softwares but are actually malwares. A number of these fake anti virus protection softwares such as the ecovirus, cyber security virus and security tool virus are exposed in this site.
The downadup worm also gathers personal information and installs malware into the infected computer. The downadup worm also attaches to several windows processes including svchost.exe, explorer.exe and services.exe. Other symptoms are enumerated in this site: http://vil.nai.com/vil/content/v_153464.htm . Removing conficker virus from your system, fortunately, is possible.
Removing conficker worm
The easiest way to remove conficker is to use a conficker remover. but because the conficker worm also spreads through portable storage devices such as USB drives, disabling your PC’s autorun feature for external media is recommended. The following are conficker worm removal applications that you may want to check out:
Conficker Removers: Conficker Virus Remover Applications
Several Win32 conficker removal tools are now available. To remove conficker with a conficker remover, check out the following urls to Download downadup/conficker remover tools:
Symantec W32.Downadup Removal Tool http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe
F-SECURE Malware Removal Tool: ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip
Microsoft’s Malicious Software Removal tool: http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Remover conficker applications may be regularly updated to make conflicker virus removal efficient in removing new variants of this worm. Make sure to check out the respective developers’ site of these virus conficker removal tools.
The above conficker remove link downloads can be accessed by copying the urls to your favorite browser.
You can also read the following conficker virus removal articles to learn more how you can protect your PC from Conficker virus, repair conficker virus damage and how you can manually remove conficker:
Virus alert about the Win32/Conficker.B worm: http://support.microsoft.com/kb/962007
Protecting Against the Rampant Conficker Worm: http://www.pcworld.com/article/157876/conficker.html?loomia_ow=t0:a16:g2:r1:c0.364912:b21134527
Related articles:
antivirus system pro removal tool
additional guard virus
Updated November 26, 2009
Related posts:
- Conficker Virus Check No more ...
- Remove Confickr Virus with Free Conficker Remover Computers with conficker infection can’t access the websites of Symantec, Microsoft, Malwarebytes and other security companies’ websites. So what do you do if your PC is already infected by the confickr virus? Conficker virus fix : There are free...
- How to Avoid Conficker April 1 Virus Websites are buzzing about the conficker april 1 virus. Reportedly, the conficker c virus aka conflicker, kiddo and downadup will evolve on April 1 making it more difficult to remove. Many security experts, however, believe that the april 1...
- Conflicker Virus: Protection and Removal This article provides conflicker remove information as well as identify a conflicker virus removal tool that you can use to get rid of conflicker. ...
- Conficker E Detected on April 7 Trend Micro detected the Conficker E variant also known as WORM_DOWNAD.E on April 7, 2009. Conficker E Characteristics The Conficker E variant propagates itself through MS08-067 to external IPs if internet is available and uses local IPs if there...
- Conflicker Virus This post provides information on how to remove conflicker worm or the so called april 1 worm virus. If you suspect that there is a conflicker c activity in your PC, you may want to read this article on...
- Conficker E Removal The trend micro blog has reported about the emergence of the conficker.e variant on April 7 and those who have the conficker virus become target of fake security software such as the spyware 2009 and SpyProtect 2009 which promise...
January 21st, 2009 at 6:07 pm
thanks for this informative post. never encountered that virus yet. hoping i will.
so that i may apply what you have suggested.
January 21st, 2009 at 8:28 pm
What? You want your computer infected with this conficker computer virus?
January 21st, 2009 at 9:02 pm
Related Article: Win32/Conficker (W32.Downadup) Worm Could Exist In Over 1 Billion Computers
January 22nd, 2009 at 4:36 am
I have this stupid virus and many of the “experts” are wrong – especially the ones who say that this worm is more or less harmless. This this is adapting and spreading even with all of the updates and security patches in place. I’ve done everything that they claim will protect and get rid of this thing and nothing works. I’ve almost resigned myself to the fact that I will have to strip my drive and reinstall everything. (It’s a good thing I still use my old school smarts and keep my vital data on a different drive – the conficker seems to be confused by that one:))
January 22nd, 2009 at 9:52 am
Catalin,
Thanks for the link and information.
ZGuy,
Computer viruses are getting “smarter” and they do “evolve” to continue spreading and infecting more computers.
January 22nd, 2009 at 4:59 pm
Other symptoms include modifications to DNS and TCP/IP configuration. Conficker will also open lots of un-authorized ports in your Firewall, so a good way to check is to have a gander at your ‘Wall and see if there are ports open that shouldn’t be.
This is probably, code-wise, one of the most advanced viruses in circulation. Spent 8 hours dissecting it yesterday on a honey-trap machine: incredible line architecture.
January 23rd, 2009 at 7:44 am
Thanks for the info Valedictorian.
January 30th, 2009 at 10:41 pm
Hello , iam requesting yahoo to remove the fanbox from my pc, i dont like this groups and also nasty attitude , they dont opinion they talk about peep , and i want this fanbox out from my pc , can someone help , Daisy
January 31st, 2009 at 10:04 am
Daisy,
please check out this post: http://cantalktech.com/2008/05/30/how-to-stop-receiving-fanbox-spam/
February 1st, 2009 at 2:49 am
I can’t click the download button. Well, I can click it, but it says “Connection to the server has stopped”. (Using Firefox). Is there another way? BTW, It won’t let me access the Microsoft website, or any virus-curing type site. Is this that virus?
February 1st, 2009 at 2:51 am
Mikey,
I messed up with my site just a few minutes ago, please try to click the link again, it seems to work now.
February 1st, 2009 at 2:59 am
“Connection Interrupted.The connection to the server was reset while the page was loading. The network link was interrupted while negotiating a connection. Please try again.” Is what comes up when I try to click it (both before and after). I Can’t access the other sites either. They both say the same thing. Actually, I CAN access the microsoft link, but when I go to download it, it says the message up above. Plus, sites just pop up whenever I try to do links, so I have to copy and paste the site names into the url at the top.
February 1st, 2009 at 3:03 am
See if you can copy and paste this:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe
February 1st, 2009 at 3:07 am
It’s not that the link didn’t work for that, It just gave me the error message. BTW, I just tried to copy and paste that and It didn’t work. Got the same message again. Wait, would I be able to download it off a different computer, use my Flash Drive (which doesn’t have the virus on it, I haven’t used it in a while), and put it on this one? Then just run an avg check or something on my drive? (Speaking of AVG, It won’t let me update it.)
February 1st, 2009 at 3:10 am
Please try to read this: http://busaustralia.com/forum/viewtopic.php?f=28&t=38241
It might help
February 1st, 2009 at 3:28 am
Wow, thanks Rhodilee, it worked. I can download it now, much appreciated.
February 7th, 2009 at 11:50 am
You are welcome Mikey
I just wonder which of the virus removal processes mentioned in that forum you used to remove the conficker virus…
February 8th, 2009 at 11:15 am
The one where you turn off the device driver.
February 8th, 2009 at 11:20 am
Thanks for the info Mikey.
Reposting here the process from Bus Australia:
Go to
Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Search for “TDSSserv.sys”
Right click on it, and select “Disable”
If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit softwares
February 18th, 2009 at 7:42 am
Hey Guys we have a virus like that conficker etc. any worm virus but my anti-virus can remove all that shit worm, they said its made it from a rusian developer who knows guys,just email me d.vallesfin@gmail.com
This is ZeR0C0L from cebu philipines
February 18th, 2009 at 8:07 am
Dont worry about that all worm virus in our company we are also infected on that virus any worm, even though you have AVG,Node32 can’t remove some of that worm because this is a new virus, guys as i said we have an anti-virus on that if your data is very important its already infected on that worm i can help you. just mail me. d.vallesfin@gmail.com
February 22nd, 2009 at 9:43 am
Dandan,
The conficker computer virus infection is from a “rusian developer”? Hmmmm… Microsoft is reportedly awarding 250,000 dollars to anyone who will give them info about whoever made this annoying computer virus…
February 24th, 2009 at 3:32 am
My company has over more then 500 computers now infected with the virus. LOVELY!
February 25th, 2009 at 8:09 pm
i can fix this
February 25th, 2009 at 8:09 pm
i can fix this, i have found a solution!
March 2nd, 2009 at 9:49 am
Hi All, I write step by step how to remove this Worm in my Blog.. http://www.gokhiel.com/2009/02/how-to-remove-eliminate-conficker-worm.html
March 9th, 2009 at 9:02 am
Hi. Here is a writeup on Step by Step removing the Conficker virus from multiple PC’s.
http://blog.sekiur.com/2009/02/step-by-step-in-dealing-with-conficker/
March 12th, 2009 at 3:15 am
If the virus is so prevalent and still growing relatively quickly, where are the recent numbers talking about how many computers are infected? If it was 10 million in January after a couple weeks, is it now 100 million? More? Less? Where are the stats?
And I know there are probably a lot of hard-core Windows users who will complain to me, but have you guys considered Linux or Macs? The lack of viruses should be more than enough incentive. If anyone is afraid about money, Linux is free. If anyone is afraid about ease-of-use, Macs are easier than PCs with Windows. I know from experience. And they’re not really so expensive. You can get a decent Mac Mini for about the same price as an HP Slimline with similar specs, and lots of Mac software is way less expensive than the Windows versions.
March 25th, 2009 at 9:04 pm
I have similar topic with your blog, do you get shit loads of spam? I hate those spam that clutter my blog!
March 26th, 2009 at 6:02 pm
[...] Microsoft provides a conflicker removal tool, the Malicious Software Removal tool (MSRT). Links for this conflicker remover and more information about the conflicker are available in this link. You can also read this post: How to remove conficker virus [...]
March 28th, 2009 at 12:39 am
they have found a way 2 stop the virus it on a sweetish web site it in latin (i under stand it )
March 28th, 2009 at 12:40 am
they have found a way 2 stop the virus it on a sweetish web site it in latin
(i under stand it )
hope u people do
March 31st, 2009 at 12:26 am
I am hearing rumors that this virus is set to do more damage on april fools day. I didn’t think it needed a special day to ruin one (it didn’t need a special occasion to ruin mine:)). Has anyone else heard the rumors? Have any of you who have taken it apart found anything like that in it’s code? Just wondering.
March 31st, 2009 at 1:59 am
[...] say that it hasn’t resulted in much damage and that its impact is primarily http://blogs.wsj.comHow to Remove Conficker VirusThis article is about removing the conficker/ downadup virus The conficker computer worm, also known [...]
March 31st, 2009 at 2:10 am
[...] Removing conficker virus Conficker Protection and Removal Related PostsHow to Remove Conficker VirusThis article is about removing the conficker/ downadup virus The conficker computer worm, also kn…New Google feature to predict tomorrow’s eventsGoogle Australia announced a new Google feature called the gday which can predict news events, sport…Conflicker Virus: Protection and RemovalHow to Protect Your PC from Conflicker Virus Among the things that you can do to protect your com…How to avoid getting a yahoo messenger virusPreventing Viruses on USB DrivesCantalktech.com is an internet security website that provides spam filtering and spam prevention information. It also provides computer anti virus protection articles and virus removal tips. Written by Rhodilee [...]
March 31st, 2009 at 10:02 am
hiks2.. that viruses attacking me this past few weeks and i got to change my internet antivirus on linux. hope this removal work out. thanks..
March 31st, 2009 at 6:12 pm
[...] [1] How to Remove Conficker Virus [2] CITES :: Conficker Virus [3] Conficker – Wikipedia, the free encyclopedia [4] More details on [...]
April 1st, 2009 at 12:45 am
yah that is onE of the symptoms that u are indeed infected by Conficker worm.
now in order to remove the conficker to ur pc u need to
use another pc which is not infected and download the patch
from any free pc scanning websites.
April 1st, 2009 at 6:58 am
Tried to disable the driver, still can’t update or install anything. Does the microsoft remover or the one link from the austrialian bus work? if so i’ll try to get them from another computer via email or flash drive
April 1st, 2009 at 8:00 am
You can follow these step by step guides to remove conficker, works 100%
http://www.livecrunch.com/2009/03/31/tips-and-tricks-how-to-remove-conficker-worm/
April 1st, 2009 at 8:16 pm
this conficker virus seems to be really getting out of hand. i still cant work out how to get it off properly anything that Microsoft and other security sites tell you to do don’t really work.. i have tried a system restore, so that i can at least install the security patches.. and its letting me do that. but i would suggest just to format and reload windows.. its the best way to get rid of any virus’s… and its probably gonna be easier to do it like that anyway
April 1st, 2009 at 9:43 pm
Conficker will be easy to track to the origin of owner… just have alot of anti-virus on your computer, when you get the virus open up an op tracer or any hacking tool such as Backtrack or IP-Tool.. when you do that, scan your computer with the anti virus and some boxes should pop up with either ip addresses or proxys, go into your IP-Tools and click on Tracer, enter the ip’s/proxys in the tracer and scan, if it is a proxy you might have to do some more advanced hacking
April 1st, 2009 at 10:23 pm
I believe I may have this problem. I can’t access the msn website and all anti-virus sites. Tried the link you furnished and I also get the same result – Page Load Error. I am a bit worried about its impact on my online transactions. Will this virus compromise the security of my online banking transactions and my PayPal account?
April 1st, 2009 at 11:14 pm
can you please mail me the patch or post another link that targets a different location other than those links that locate to anti-virus websites, because maybe you know that computers infected with this worm cannot access the sites provided above…
thanks
April 2nd, 2009 at 12:50 am
does it stay off of partitioned/virtual drives????????
April 2nd, 2009 at 7:53 am
You likely have the conficker virus if you can’t access the removal tools and the antivirus sites. Read this post on how to get rid of the conficker virus IF you can’t access the removal links: http://cantalktech.com/2009/04/01/infected-conficker-virus/
April 3rd, 2009 at 2:36 am
ifd anyone need the fix, and can’t access antivirus websites
http://www.slingfile.com/info-92127532694144132036186344914919824b869c00f3e252.html#mail_info
April 3rd, 2009 at 2:37 am
ops sorry
http://www.slingfile.com/file/37828-3093122491.html
April 3rd, 2009 at 7:52 pm
I have the conficker worm on my computer. I have downloaded all the tools but nothing seems to work. I tried Symantecs in safe mode, didnt find anything. The Microsoft Malicious software tool says I need administrator rights (I am logging in as admin…conficker has affected my admin I am assuming). I tried F-Secure’s, Trend Micro Damage Cleanup Engine, BD rem tool but none of them pick up anything. I do know I have it as I can’t get to the sites needed or download them and it appears it has taken over admin on me. Any suggestions?
April 7th, 2009 at 12:49 am
wel atually there is a way to solve ur problem.
now dont use any GUI baSe conflicker remover software because it will just automatically close by the worm instead use a command prompt style conflicker remover such as “conflicker memory disinfecter” now upon using this software you need to unplug ur computer from the internet or in a network and when scanning is complete it recommends u to restart, restart ur computer. when ur computer finish reStarting u are not finish yet instead plug ur computer in the internet now try to surf the microsoft website and if u can successfully view it. u are now 80% success cleaning ur computer from conflicker. now the last step that u will do is to install latest antivirus software such as nod32 team it up with super antispyware for more instense protection and USB security disk for flash drive. thats ol i hope it can help solve ur problem..tc
April 7th, 2009 at 7:45 am
I have a problem, as well. (I wouldn’t be posting otherwise.) I am pretty sure that I got the Conflicker Virus, but I can’t use the programs or view the websites. Heck, I can’t even boot up! I turn on my computer, it tries to boot windows, then it says that it couldn’t. Then, it asks if I would like to run Windows Startup Repair. I hit enter, (yes), and it tries to run that. It fails, goes to a blue screen, then either turns off or resets. When I say that I want to start Windows normally, it says “Windows is loading files…” with a loading bar beneath it. When it gets to a certain point in loading, it stops and starts over. I then have to turn the machine off. I don’t know what to do about this, but I want to do something, myself, first. Before I take it to a professional, that is. Thanks for any help that you can give me!!!
- ZackCopy
April 8th, 2009 at 7:43 am
i believe that i have the virus. i first noticed it when i plug my usb in to my laptop and the autorun had been edited to fun a file it created in the recycle folder. i successfully removed all evidence of these files and folders but i cant run my anti virus software (paid version of AVG
plus now when ever i run photoshop my memory dumps every time. i have tried all the downloads but i still have the problem another thing is that this same thing happened to all my computers at home. i managed to open the file in text to check out its code. ignoring all the funny characters at th etop this is what i was left with “KERNEL32.DLL CreateTapePartition GetComputerNameA CloseHandle SetDefaultCommConfigA VirtualProtect DisableThreadLibraryCalls CreateFileA RtlZeroMemory GetShortPathNameA ExitProcess InitAtomTable BeginUpdateResourceA GetOEMCP CreatePipe GetFileAttributesExA ReadConsoleOutputW FreeLibrary WriteFile SetUnhandledExceptionFilter AllocConsole CreateFileW GetProfileIntA ReadFile GetThreadPriority ConvertDefaultLocale ADVAPI32.DLL AccessCheckAndAuditAlarmW SetFileSecurityW SetNamedSecurityInfoW CryptEnumProviderTypesW CryptContextAddRef GetKernelObjectSecurity GetMultipleTrusteeOperationA SetEntriesInAuditListA BuildExplicitAccessWithNameA GetLengthSid ConvertSecurityDescriptorToAccessW GetTrusteeTypeA LogonUserW”
my kernall32 file looks very messed up and was wondering if i download kernall32 file weather that could stuff my laptop up any further?
any advice and getting this virus out of my machine would be handy.
if i back up onto disks only the files i want eg music, vidoes, pictures and documents and then format the harddrive would this fix it?
April 8th, 2009 at 8:40 pm
what is ever 1 talk about
April 11th, 2009 at 9:49 am
[...] Additionally, the conficker worm virus reportedly shows hints on how it will be used by its creators to earn money. Researchers at Kaspersky Labs say that the conflicker worm virus downloads the fake security scanner Spyware Protect 2009 into conficker infected PCs in a bid to earn money from people looking for computer infection solution. The Spyware Protect 2009 rogue antivirus is advertised through pop up advertisements. There are free conficker removal tools however that you can use for conficker worm removal. You can check out this article on free Conficker removal programs. [...]
April 14th, 2009 at 8:53 am
Okay i have this annoying pop up. It says Windows security center and how i need to do such and such. I used the link to remove the dreaded Conficker Virus. But the toll said I am not infected with it. So what is wrong with my computer any help please.
April 14th, 2009 at 8:58 am
Edit: It also appears as Internet Antivirus Pro
April 14th, 2009 at 9:04 am
Never mind i figured it out i have Internet Antivirus Pro.
April 14th, 2009 at 10:58 pm
someone i know just got a new comp and got infected before they could update security. Will reinstalling system to factory remove conficker? They don’t have any files to save so nothing needs to be backed up.
April 19th, 2009 at 11:40 pm
I believe I have the virus and every link I try to use to remove the virus will not work. I cannot access any of my antivirus stuff. I need help. I am not computer savvy enough to figure this out!
April 23rd, 2009 at 11:20 am
hmm well i had one of the conflickers and i couldnt system restore couldnt open microsoft office cause i wasnt admin so this virus i had lost my rights
the only one thing to do is format or revoer data loss
April 24th, 2009 at 11:28 am
This virus is pretty sucks.
attacked my company server several times and made my servers halted totally at all. My Oracle Finance application and My Maximo cannot run. I restarted the server, but after the server was restarted, the servers still halted! no applications can run! So, I had to format the server 3 times to get rid of this fucking virus!
Fuck this conficker creator, I wonder if he/she is laughing out there while we’re getting into this trouble! Fuck this fuckhole!
May 6th, 2009 at 8:31 am
I completely agree with you, Santiago. I’m in the Point of Sale industry and I’ve had seven of my stores attacked by this virus. Currently installing a new store set to open tomorrow and my entire network of 15 systems will have to be reloaded if I can’t find a cure within the hour. Let’s hope this bastard trips and breaks his neck getting out of his car.
July 1st, 2009 at 3:17 am
I wish that asslicker would get a heartattack. I wish the makers of all extreme, non recoverable viruses would slip on shit, get a load of it in his mouth, and some random gangsters screw the living shit out of them. Assfaces.
September 1st, 2009 at 4:25 pm
doesn’t anybody realize that its all in the plan of Microsoft???
my theories…
1. how did they know that its gonna be lunch on april 1st..?
2. how did they cracked its so easily upon the lunch of the virus..?
3. or they were the one who spreads the virus…HELLO???? new anti virus = New PAyment….
December 17th, 2009 at 1:10 am
okay people help me out here .. my fiance is IT Manager for a huge company … infected with this Conficker crap … nothing is working .. the steps do not work on his servers .. does anyone have any idea what to do .. ? If this doesnt get fixed he wont be home for christmas ..
.
December 17th, 2009 at 9:40 am
To Jennifer C,
Had the same problem and the only “fast acting” tool that
worked for me was the “Sophos Conficker Removal Tool”
available for free download, my have to sign up, can’t
recall…But it worked like a charm. The other tools
including McAfee did not work. AVG’s Corporate version
of their antivirus works extremely well…Just my humble
two cents….Cheers
December 17th, 2009 at 9:43 am
….Additionally, very important that the machines
are properly patched and updated. Otherwise, you
will have to try additional tools from ESET, F-SECURE,
SYMANTEC and of course, SOPHOS…