Conficker is a computer worm that targets the Microsoft Windows operating system. Also known as “Downup” and “Kido”, it was first identified in November 2008. Conficker uses flaws in Windows software to co-opt machines and link them into a “virtual computer” that its creator can control remotely. It is one of the most widespread computer worm infections since the 2003 SQL Slammer, and it spreads quickly. The worm is hard to counter because it combines several advanced malware techniques.
The name Conficker derives from the English word “configure” and the German term “Ficker”, which means “fucker”. Microsoft analyst Joshua Phillips has described the name as a rearrangement of portions of the domain name “trafficconverter.biz”, which early versions of Conficker used to download updates.
- Unpatched PCs running Windows 2000
- Windows XP
- Windows Server 2003
- If you are not sure whether your computer is infected, try to reboot. If your computer has the Conficker worm, it won’t let you reboot. If your PC or network is not infected yet, visit Microsoft Update and install all high-priority security patches the scan deems necessary to protect your PC against this vulnerability.
- If your system is already infected, the worm won’t allow you to visit Microsoft Update or any of the key antivirus/antispyware websites. Microsoft suggests trying its “Windows Live OneCare Safety Scanner”. Install a decent anti-spyware or antivirus product such as Malwarebytes or Avast.
- Avast provides antivirus protection, and the proactive protection in Malwarebytes guards against malicious processes. Both have a collection of additional features. Both have free versions, and buying a license unlocks added features in both.
- The University of Bonn website has a free set of 6 “suppression tools”, specially created by Felix Leder and Tillmann Werner, both members of the Honeynet Project. Upcoming editions of malware removal software will adapt as new variants emerge.
- Among the tools they created is ‘Downatool2’. It is used to generate the domains for the “Downadup” A, B and C variants.
- A Domain Collision tool is available for Conficker C. It ships by default with the full set of domain names for April 2009 and is used to locate collisions between Conficker-generated domains and real domains.
- There is a memory disinfector, “conficker_mem_killer.exe”, which scans the memory of each running process and stops infected threads without damaging the process itself. This prevents essential system services from shutting down. It runs in a DOS window.
- Conficker A uses random file names and registry keys to wreak havoc. In the B and C variants the names are not random; they are based on the hostname. “Regnfile.exe” is used to check for DLLs infected by Conficker B and C. It runs in a DOS window.
- A network scanner is also available for finding infected machines. It uses a Python script to distinguish infected from non-infected machines: a response from the Conficker worm gives its location away.
- The “Nonficker Vaxination” tool makes the Conficker worm believe that the machine has already been infected with the latest variant. The worm will disregard machines that have this specially coded DLL installed as a system service.
- The highly recommended company Sophos also has a dedicated Conficker removal tool, “ssconftool_10_sfx”, which is free to download. You need to register an account, which also offers the optional advantage of future warning notifications as they are issued. This tool runs in a DOS window.
- If you want to use the tools mentioned above, it is suggested that you first use Task Manager to turn off all unnecessary programs and services. Conficker conceals its actions under “svchost.exe” and makes them appear like system or local services. Most of these services are required for Windows to operate.
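
The symptom described above, where an infected machine cannot reach Microsoft Update or antivirus websites while other sites still work, can be checked with a short script. This is an added example, not one of the tools named on this page; the hostnames and the function names `system_resolver` and `check_blocking` are assumptions chosen for illustration.

```python
import socket

# Assumed hostnames (not from the original page): sites of the vendors the
# page names, plus neutral control names that should always resolve.
SECURITY_HOSTS = ["www.microsoft.com", "www.avast.com",
                  "www.malwarebytes.com", "www.sophos.com"]
CONTROL_HOSTS = ["example.com", "example.org"]


def system_resolver(host):
    """Return True if the local resolver can turn host into an address."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check_blocking(resolve=system_resolver,
                   security=SECURITY_HOSTS, control=CONTROL_HOSTS):
    """Compare lookups of security sites against neutral control sites."""
    control_ok = any(resolve(h) for h in control)
    blocked = [h for h in security if not resolve(h)]
    if not control_ok:
        verdict = "inconclusive"      # no name resolution at all: offline?
    elif not blocked:
        verdict = "no-blocking-seen"  # every security site resolved
    elif len(blocked) == len(security):
        verdict = "suspicious"        # only security sites fail: the symptom
    else:
        verdict = "partial"           # some fail: investigate by hand
    return {"verdict": verdict, "blocked": blocked}


if __name__ == "__main__":
    result = check_blocking()
    print(result["verdict"], result["blocked"])
```

A "suspicious" result can also come from a content filter or a DNS outage at one vendor, so treat it as a reason to run one of the removal tools above rather than as proof of infection.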