What is the Conficker virus and why should I be worried?
Conficker, also known as Downup, Downadup and Kido, is a computer worm that may become active when April 1st, 2009, comes around. Conficker A and B have infected more than nine million computers worldwide and were spreading at a rate of one million machines daily, but the latest variant, Conficker C, could be one of the most damaging in years. If you are current on Windows updates and your antivirus is enabled and current, you should be fine.
Who is most susceptible to attack?
Unpatched Windows 2000, Windows XP and Windows Server 2003 machines are at the greatest risk. People running Linux and Mac systems are not affected by this virus.
What are the symptoms of this virus infection?
- Account lockout policies are being tripped.
- Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
- Domain controllers respond slowly to client requests.
- The network is congested.
- Various security-related Web sites cannot be accessed.
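One way to check for the disabled-services symptom from the list above, as an added example that is not part of the original post. It assumes Windows PowerShell 2.0 or later run with administrator rights; the function name and the short service names it looks up are this example's own mapping of the display names in the list.

```powershell
# Added example: report which of the services named in the symptom list are
# set to Disabled on one or more Windows hosts.
# Assumption: short service names mapped from the display names in the list.
$Watched = @{
    'wuauserv'  = 'Automatic Updates'
    'BITS'      = 'Background Intelligent Transfer Service'
    'WinDefend' = 'Windows Defender'
    'ERSvc'     = 'Error Reporting Service (XP / Server 2003)'
    'WerSvc'    = 'Windows Error Reporting (Vista and later)'
}

# Hypothetical helper name; returns one summary object per host queried.
function Get-DisabledSecurityService {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        try {
            # Win32_Service exposes StartMode (Auto / Manual / Disabled) per service.
            $services = Get-WmiObject -Class Win32_Service `
                -ComputerName $computer -ErrorAction Stop
        } catch {
            Write-Warning ("{0}: query failed: {1}" -f $computer, $_.Exception.Message)
            continue
        }

        # Services that are not installed (e.g. WinDefend on Windows 2000) are
        # simply absent from the result and are not counted as disabled.
        $disabled = @($services | Where-Object {
            $Watched.ContainsKey($_.Name) -and $_.StartMode -eq 'Disabled'
        })

        New-Object PSObject -Property @{
            Computer         = $computer
            DisabledCount    = $disabled.Count
            DisabledServices = ($disabled | ForEach-Object { $Watched[$_.Name] }) -join '; '
        } | Select-Object Computer, DisabledCount, DisabledServices
    }
}

# Check the local machine; pass -ComputerName host1,host2 to sweep several.
Get-DisabledSecurityService | Format-Table -AutoSize
```

A single disabled service can be an administrator's choice; several of them disabled on the same host, together with the other symptoms in the list, is the pattern worth following up with one of the scanners below.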
How to scan for the worm
If you do get infected, one of the following free programs released by major security publishers will help remove the worm.
- Microsoft Online Scanner: http://onecare.live.com/site/en-us/default.htm
- NOD32 (Eset) Online Scanner: http://www.eset.eu/online-scanner
- Norton (Symantec) Online Scanner: http://security.symantec.com/sscv6/WelcomePage.asp
- McAfee Online Scanner: http://us.mcafee.com/root/catalog.asp?catid=free
- AVG Online Scanner: http://www.ewido.net/en/onlinescan/
- Trend Micro Online Scanner: http://housecall.trendmicro.com/
- Honeynet Project Online Scanner: http://iv.cs.uni-bonn.de/conficker
How to remove Win32/Conficker (works when unable to access the above web sites)
BitDefender has set up a new domain from which users can download free Conficker disinfectant utilities. This site, BDTools.net, is not currently blocked by the worm, to the best of my knowledge. The site offers three options: (a) a free online scan; (b) a free, downloadable Single PC Removal Tool for individual users; and (c) a free Network Removal Tool, an .exe file that IT admins can use to disinfect an entire LAN.
Microsoft recommends downloading and running MSRT from its site. Read the earlier post Free Microsoft Malicious Software Removal Tool 2.5 and follow the instructions posted at its support site.
ESET (NOD32) has some instructions for removal of Win32/Conficker here, copied below:
- Disconnect the infected computer from the network and the Internet.
- Use an uninfected PC to download the respective Windows patches from the following sites: MS08-067, MS08-068 and MS09-001.
- Reset the passwords on your admin accounts, using more sophisticated ones.
- Download a one-off ESET application (again, using a non-infected PC) which will remove the worm. http://download.eset.com/special/EConfickerRemover.exe
- Install the updated anti-virus program.
- Re-connect the PC to the network and the Internet.