Thread: The Conficker Specialist

How to remove Conficker virus from PC

Since Conficker virus is spreading at an alarming rate, many tools are built to counter it and minimize the damage. This one is from McAfee. This is the Conficker version of McAfee Stinger ( a reliable stand alone tool). Please find the file attached.

If you don't know, Conficker is a new (and successful) virus which can cause considerable harm if left unattended.

Are you infected ? Check here

More info from Microsoft

Other tools - Windows Malicious Software Removal Tool - Download

Courtesy : Rameshjeee

Change to Open DNS - Instructions

Courtesy: cool_techie_tvm

Want more?

Symantec , Notes

Kaspersky

TrendMicro

F-Secure Malware Removal Tool

Sophos

AhnLab

ESET



Also refer

http://www.indiabroadband.net/comput...cker-worm.html (OpenDNS & Kaspersky Volunteers to fight against Conficker Worm)

http://www.indiabroadband.net/comput...ker-virus.html (How to avoid prowling Conficker virus)

Originally Posted by meetdilip

Since Conficker virus is spreading at an alarming rate, many tools are being built to counter it and minimize the damage. This one is from McAfee. This is the Conficker version of McAfee Stinger ( a reliable stand alone tool). Please find the file attached.

Good post dude, I really hope many people will make use of the tool

You deserve a repo mate !!

Keep up the good work :thumbup:

Thanks npu

Win32/Conficker.E was reported to Microsoft on April 8, 2009.

How to - Prevention and Recovery

Conficker virus takes advantage of a bug in Windows. It will be hard to remove once it benefits from the bug.

If you are not infected, prevent it with the patch (attached).

If you are infected, remove the infection with the tools available here and try patching after that.

Procedure:

Download > Double click the patch > complete the installation > restart

If you are in local network and want to scan for conficker machines both infected and clean....see here
Informatik IV: Containing Conficker

A network scanner available in this site which needs to be run on your local network. I did that and my IPS has successfully detected and blocked the traffic.

testing: given earlier in this thread.

Conficker Eye Chart

thanks. quite easy one.

The one which i have mentioned is useful for running scan on the whole network computers for possible infection.

@moderator
Please make this post "sticky" for some time in broadband forums specially BSNl/airtel/mtnl.

To add to the list:

One may also get the McAfee Conficker Detection Tool.

Details about Conficker in McAfee site: Conficker

Another reference (McAfee): Protecting Yourself From Conficker

Answer: By installing a fake antivirus, giving you fake alerts of virus threats and requesting paid fixing. Please do not fall into the trap.

This clearly indicates that they are aiming your hard earned money than trying to prove themselves.And this makes it dangerous. Expect more cunning tricks.

Details:

Conficker is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95.

Here is what it shows



What's new?

Researchers still analyzing new component code of the worm that began being spread via peer-to-peer and being downloaded off domains that host the Waledec worm on Wednesday but were finding the task difficult because the instructions are encrypted.

Please consider including this URL in your signature that others can benefit.

Good one..Rep +

A very informative thread

Rep+ for you mate

Conficker wakes up, updates via P2P, drops payload - CNN.com

Brief extract:

...............
The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords.

The worm disables security software and blocks access to security Web site

Originally Posted by essbebe

Conficker wakes up, updates via P2P, drops payload - CNN.com

Another important extract:

It also does not leave a trace of itself in the host machine. It runs and deletes all traces, no files, no registries etc.

P.S: Thanks for the update.

Whats next?

It may come up with a fake Paypal, SBT or ICICI bank or HDFC bank site

If you haven't patched, Please do it now.

Why?

Infected computers could still be remotely controlled to do something else.

How to identify?

The worm disables security software and blocks access to security Web sites.

Been monitoring net for a week. No major updates till date.

From Post no. 1:
Check for the virus.
http://www.confickerworkinggroup.org...feyechart.html

more information.

Conficker Worm Removal | PC Pitstop

Manually remove Conflicker-

Virus alert about the Win32/Conficker.B worm