Severity scale:  
  (67/100)

Conficker.C. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - - | Type: Worms
12

Conficker worm is an old virus which continues its malicious activity

“Conficker virus” stands for the name of the computer worm which was first detected in November 2008[1]. It breaks into a computer system and then connects to a larger network of machines – botnet, which then spreads the malware to other devices. Security vulnerabilities and outdated system serve as the main reasons for the worm to occupy the device. The malware is also capable of infecting removable devices such as USB sticks. Mainly Windows OS has been subject to the attacks to this malware. Furthermore, it may run under the disguise of comaddin32.dll, svchost.exeexplorer.exe, or services.exe command in the Task Manager. Since its appearance, different variations have ben detected. Naturally, they bear alternative names, such as Downup, Downadup, Kido, Conficker.C, Conficker.A and Conficker B++[2].

During the years, the malware has evolved into a significant threat. Microsoft has even issued a 250 000 USD dollar reward for finding the culprit. Interestingly, ransomware developers decided to share the notorious fame of the worm and recently introduced Conficker ransomware. The emergence of this virus malware initiated the formation of Conficker Working Group which investigates the computer networks and IP addresses whether they are infected with the malware. It is suspected that over 600 000 devices still possess the threat. Over the years, the discussions about the malware have subsided. It has been a popular tendency among cyber criminals to revive older viruses. Likewise, the same scenario may be applicable for this worm as well. Luckily, even if you get infected with this malware, the majority of anti-spyware security applications are able to detect and remove Conficker virus.

The operation peculiarities of the malware

While improving technical specifications, the developers also shifted from using the previous title to Conficker. When this worm emerged, few have anticipated what damage it would inflict on the entire cyber space globally. Business companies and individual users in more than 190 countries have suffered from the Conficker hijack[3]. The flexibility of this malware was one of the key reasons why this malware has remained on the market. Once it gets into the system, it may disable security applications, download corrupted files, collect personal information and, most importantly, connect the device to a botnet. Once Conficker.C malware settles on the operating system, it will add a specific file to the removable drive to the local drives. Then the dialogue box emerges asking to “Open folder to view files.” The only thing which might trigger your suspicion is the line indicating – “Publisher not specified.” During its presence, the computer processes significantly deteriorates. 

Nonetheless, to the bewilderment of the virtual community, the virus has not been terminated yet. Indeed, it is less active than in 2008. Interestingly, that the worm would not have emerged if not for a fatal Microsoft patch (MS08-67) released in 2008[4]. Certain technical specifications allowed Conficker to emerge and remain one of the top 5 most destructive threats. Since it targets system vulnerabilities, devices with poor passwords, it explains why the threat has not been seized and still remains potentially dangerous. Furthermore, the current version of the worm targets not only ordinary computers but MRI machines, IoOT devices, and CT scanners, such as police surveillance cameras. Such actors emphasize the necessity to secure devices by updating crucial system applications, features. Install a proper anti-virus program. Besides this utility, anti-malware utilities such as Reimage and Malwarebytes Anti Malware, are practical as well. They might detect minor malicious files which signal a more elaborate threat. Lastly, it is no less important to be aware of the distribution, as well as Conficker removal options. 

Conficker termination 

When the computer worm entered the cyber space and started spreading terror, one the key questions was whether it was possible to remove Conficker virus. The identity of developers still remains a mystery as well as the specific number of still functioning bots. It is fortunate that the rate of the malware has dropped. On the other hand, you should bear in mind that the malware is still present in the virtual space. Even if you happen to get infected with this computer worm, a variety of anti-virus programs both, professional and less powerful, are capable of detecting the threat[5]. Launch it and start Conficker removal. 

 

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Conficker.C you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Conficker.C. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Conficker.C manual removal:

Kill processes:
svchost.exe

explorer.exe

services.exe

Delete registry values:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices{random}Parameters?�?ServiceDll?�? = ?�?Path to worm?�?

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices{random}?�?ImagePath?�? = %SystemRoot%system32svchost.exe -k netsvcs

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters

?�?TcpNumConnections?�? = dword:0?�00FFFFFE

Unregister DLLs:
comaddin32.dll

[Random].dll

Delete files:
[Random].tmp

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

References


  • Guest

    does not work 🙁