The Latest Scoop on Conficker Worm and How to Remove Conficker Worm

Conficker Worm has now spread to over 8.9 million computers worldwide

If you remember we just posted a few days ago about the Conficker Worm spreading to over 8 million computers worldwide. It is now apparent that it has spread to about 8.9 million PC's worldwide from just 2.4 million as initially reported. Panda Security estimates that one in every 16 PC's could be infected with the Conficker worm.

The Conficker Worm, or known as W32.Downadup.B variant, has affected Windows computers where it has spread from corporate networks to USB Flash drives. It seems that this worm infection may generate hundreds of domain names daily for the download of malicious files thus spreading the infection to even more systems. Conficker can be compared to that of a botnet where it carries out these automated functions to spread itself.

As explained in earlier articles on Spyware-Techie, the Microsoft security patch back in October to address a similar infection is currently unable to ward off this current worm infection. Several versions of the Windows operating system are vulnerable including Windows 2000, XP, Vista and Windows Server 2003.

How do we stop Conficker Worm?

What personal computer users can do is disable autorun as this applies to users who utilize USB flash memory drives. The US-CERT website has provided information on how to effectively disable Autorun. It is known that USB Flash Drives are one of the culprits for spreading Conficker Worm as it is known to be a worm infection that attaches itself to a USB flash drive.

Useful link: How to effectively disable Autorun to prevent the spread of Conficker Worm via USB Flash Drives

Below you will learn how to manually remove Conficker Worm

Conficker Worm Manual Removal Instructions

This manual removal method is for techie computer users. Conficker Worm manual removal may be difficult and time consuming to remove. There's no guarantee that Conficker Worm will be removed completely. So read the Conficker Worm removal steps carefully and good luck.
Before you start: Close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.

Conficker Worm may attach itself to the following executable files:
svchost.exe
explorer.exe
services.exe

  1. Restart your computer into safe mode (how to boot into safe mode)
  2. Uninstall Conficker Worm Program
    Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall Conficker Worm if found.
  3. Block the following Conficker Worm websites:
  4. To Unregister Conficker Worm DLLs (view DLL removal steps)
    Search and unregister these Conficker Worm DLLs:
    %Temp%\[Random].dll
    %System%\[Random].dll
    %Program Files%\Internet Explorer\[Random].dll
    %Program Files%\Movie Maker\[Random].dll
    %All Users Application Data%\[Random].dll

    To locate the Conficker Worm DLL path, go to Start > Search > All Files or Folders. Type Conficker Worm and in the Look in: select either My Computer or Local Hard Drives. Click the Search button.
    Once you have the Conficker Worm DLL path, go to Start and then click on Run. In the Run command box, type cmd, and then click on OK.
    To locate the exact DLL path, type cd in order to change the current directory. To display the contents of the directory, use the dir command. To remove the DLL file type regsvr32 /u FILENAME.dll (FILENAME is the name of the file that you want to unregister).
  5. To unregister Conficker Worm registry keys (view registry keys removal steps)
    Go to Start > Run > type regedit > press OK.
    Edit the value (on the right pane) by right-clicking on it and selecting the Modify option. Select the Delete option.
    Search and delete these Conficker Worm registry keys:
  6. If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General > click Use Default under Home Page. Add the your desired default homepage, then click Apply > click OK. Open a new web browser to check that you have your desired default homepage.
  7. To remove Conficker Worm icons on your Desktop, drag and drop them to the Recycle Bin.

You've completed the Conficker Worm manual removal instructions!
I hope this article has helped you solve your Conficker Worm problems. If you want to contribute to this article, post your comment below.

Disclaimer: This article is for educational purposes. By using this information you agree to be bound by the disclaimer. There's no guarantee that Conficker Worm will be completely removed from your computer. Seek professional help if your computer continues to experience problems.

  • http://extremesecurity.blogspot.com Extremesecurity

    Did Downadup/conficker attack your network? I've created a batch file for system administrators to clean/patch/cure infected systems in their networks.

    check it out here:

    http://extremesecurity.blogspot.com/2009/01/beat-downadupconficker-like-pro-my.html