Conficker: What is It? How do I Remove It?

Hi guys, I just realized that a lot of computers are still infected by the worm, so I made this short guide to help anyone out. Suggestions, comments, and corrections welcome!

What is Conficker?
Conficker is a computer worm that targets Windows, and currently (as of April 21, 2009) infects the largest number of computers worldwide since the SQL Slammer worm of 2003. The goal of this worm, if any, remains unknown, but security experts agree that the vulnerabilities Conficker creates can allow someone else to gain control of a computer for their own purposes.

Why is Conficker Dangerous?
To protect itself from removal, Conficker disables the security systems of a computer it infects. Examples include preventing anti-virus programs from accessing their update servers, disabling Windows Update, and keeping anti-malware programs from running. Left unchecked, older versions of Conficker actually update themselves to more capable—and dangerous—versions.

This represents a clear and present danger for any computer infected by the worm. Aside from any potentially destructive effects of Conficker itself, the computer also remains vulnerable against viruses, other worms, and all sorts of malware.

How do I Remove Conficker?
Last October, Microsoft released a patch designed to protect a computer running Windows from the Conficker worm. Before the patch can be safely and effectively applied however, anti-virus or -malware programs should be run to ensure that the worm is not present in the system, or to remove it if it is present.

Luckily, thanks to the publicity generated by the worm, there are numerous anti-Conficker tools available, accessible by Googling "Conficker removal tool":

-US CERT recommends that you properly disable AutoRun in Windows to prevent a variant of Conficker from spreading through removable media
-Microsoft recommends using an updated version of its Malicious Software Removal Tool
-Security vendors, like AVG, BitDefender, Enigma Software, ESET, F-Secure, McAfee, Sophos, Symantec, and Kaspersky Lab, have released their own anti-Conficker software.

Once you've removed Conficker from your system, you can apply Microsoft's patch to prevent reinfection.

How do I Protect Myself from Conficker?
First, make sure your computer is free of Conficker (see above).

Install an anti-virus program from a reliable security vendor (such as the ones mentioned above) and make sure it stays updated constantly.

Make sure to install Microsoft's patch.
10 answers Last reply
More about conficker remove
  1. Thanks r_manic! This is definitely a useful guide!

    You listed numerous Conficker removal tools though... what's the best in your opinion?
  2. I would say AVG, j29. Even AVG Free can remove the Conficker worm via a "normal" scan, if I'm not mistaken.
  3. ...and if you were running AVG Free and kept it properly when the whole brouhaha started last October, you would've been ok. :)
  4. You cant even download that anymore right?
  5. Are you talking about AVG Free tallguy? Last I heard you can still get it at
  6. I had AVG Free, then I got rid of it, then I went back to their website to try and find it again and it said they no longer offer it free.
  7. There is a free version, it's just a little more work to get to it now:
  8. Ok this can help you with your problem about "conficker removal"
    Check this website
  9. acerosalez said:
    Ok this can help you with your problem about "conficker removal"
    Check this website

    Well, u are responding to 30 mo. old thread : ) I am sure, lots of things have changed since the original post.
  10. This topic has been closed by Nikorr.
Ask a new question

Read More

Security Worm Computers Apps