The Conficker worm is one of the more popular these days. It is also very difficult to remove. I have found a quite ‘simple’ solution to it, but it requires some sideway paths to solve it.
It is possible to remove the virus manually, like I described in one of my previous posts, but the catch here is that you need to know exactly where the virus is ‘hiding’ (and it requires also more technical experenice).
Before I present the solution, note the symptoms of the Conficker worm :
- Access to security related web sites is blocked.
- Disables AutoUpdate
It blocks all (or almost all) antivirus companies, disables the autoupdate, for it is very hard to remove. The real problem with using an antivirus is that you need some recent definitions to be able to remove the virus.
So one of the possible solutions here is to use simply an antivirus to do the work. Luckily for the ones that don’t like to pay for an antivirus there is the free Microsoft Security Essentials, which in my case did the job (you need to pass the genuine windows check to be able to install it).
However, we still get back to the problem that all the Microsoft domains are blocked by Conficker, so we have to download it elsewhere.
I’ve found it on Softpedia and you can download it here:
Next, we need the definitions. But because Conficker blocks the Microsoft domain, it will not be possible to download it via the usual update function. Even for this problem, there is a solution. You can download it manually (also from the Microsoft site):
- http://support.microsoft.com/kb/971606 (about 40MB)
You can download this on a machine that is not infected, upload it on Rapidshare, send the link via mail and open it on the infected machine. Another possibility is USB, FTP or whatever.
When downloaded, just install it and you should have your definitions up to date. Next do a “Full scan” and after a while the antivirus will probably ask you to reboot the system so that it can remove the virus.
Finally, if it succeeds, you can test it by accessing the Microsoft site (previously blocked).
- You can disable the Server service (RUN: services.msc) because it is probably outdated
- Don’t disable the Server service and just get all the latest updates (including SP3 on XP)
- Keep the antivirus up to date