Severity scale:  

Remove Conficker.C (updated Jul 2019) - Removal Guide

removal by Gabriel E. Hall - - | Type: Worms

Conficker worm that can be called a global malware since it infects millions of Microsoft devices 

Conficker wormConficker is a botnet that infects the system and then controls the device remotely to launch attacks like denial of service and leads to system crashes. This malware can spread other viruses, launch various processes and attacks and even shut down services like banking institutions, hospitals, and government offices. Attacks of such malware can lead to crippled computer networks of cities and interference with elections and social media.

Since there are many versions of Conficker botnet, it can launch any of these processes and lead to far worse attacks or damage. This worm s one of the more persistent threats in the history of cybersecurity. This virus spreads using various methods that are more common and unconventional techniques like exploiting vulnerabilities and looking for system flaws on the targeted system. Ransomware, miners, worms, and other malware set to perform system changes and launch processes in the background come unnoticed, and the victim only encounters system issues or suspicious activity.

Name Conficker
Type Worm
Danger level High
Symptoms Annoying messages on the screen, crashes of the system, suspicious processes running in the background
Distribution Exploits MS08-067 vulnerability, spreads through insecure external drives, infected files
Known  Since 2008
Elimination Use anti-malware tools for system cleaning and Conficker removal

Conficker virus stands for the name of the computer worm which was first detected in November 2008[1]. It breaks into a computer system and then connects to a larger network of machines – botnet, which then spreads the malware to other devices. Security vulnerabilities and outdated system serve as the main vector for the worm to occupy the device. The malware is also capable of infecting removable devices such as USB sticks.

Mainly Windows OS has been subject to the attacks to this malware. Furthermore, it may run under the disguise of comaddin32.dll, svchost.exe, explorer.exe, or services.exe command in the Task Manager. Since its appearance, different variations have been detected. Naturally, they bear alternative names, such as Downup, Downadup, Kido, Conficker.C, Conficker.A and Conficker B++[2].

During the years, the malware has evolved into a significant threat. Microsoft has even issued a 250 000 USD dollar reward for finding the culprit. Interestingly, ransomware developers decided to share the notorious fame of the worm and Conficker ransomware.

The emergence of this malware initiated the formation of Conficker Working Group, which investigates the computer networks and IP addresses whether they are infected with the malware. It is suspected that over 600 000 devices still possess the threat. Over the years, the discussions about the malware have subsided. It has been a popular tendency among cybercriminals to revive older viruses.

Likewise, the same scenario may be applicable for this worm as well. Luckily, even if you get infected with this malware, the majority of anti-spyware security applications are able to detect and remove Conficker virus.

Most of the researchers believe that Conficker worm is developed by Ukranian hackers who focus on creating the platform for global theft. Malware employs sophisticated encryption algorithms RC4, RSA, and MD6 that are produced by the premier cryptologist. The Ukraine clue was spotted when the feature about self-destruction on Ukranian PCs was discovered.

The worm displays tons of redirects to suspicious domains to disguise the source of commands and this way machines come to the point where they overheat and crash. There are versions of the worm and the most known appears to be Conficker.C that was especially active at the end of 2011.

Conficker virusConficker is the virus that exploits system vulnerabilities to infiltrate the targeted Microsoft machines.

While improving technical specifications, the developers also shifted from using the previous title to Conficker. When this worm emerged, few have anticipated what damage it would inflict on the entire cyberspace globally. Business companies and individual users in more than 190 countries have suffered from the Conficker hijack[3].

The flexibility of this malware was one of the key reasons why this malware has remained on the market. Once it gets into the system, it may disable security applications, download corrupted files, collect personal information and, most importantly, connect the device to a botnet.

Once Conficker.C malware settles on the operating system, it will add a specific file to the removable drive to the local drives. Then the dialogue box emerges asking to “Open folder to view files.” The only thing which might trigger your suspicion is the line indicating – “Publisher not specified.” During its presence, the computer processes significantly deteriorates. 

Nonetheless, to the bewilderment of the virtual community, the virus has not been terminated yet. Indeed, it is less active than in 2008. Interestingly, the worm would not have emerged if not for a fatal Microsoft patch (MS08-67) released in 2008[4].

Certain technical specifications allowed Conficker virus to emerge and remain one of the top 5 most destructive threats. Since it targets system vulnerabilities, devices with poor passwords, it explains why the threat has not been seized and still remains potentially dangerous.

Furthermore, the current version of the worm targets not only ordinary computers but MRI machines, IoT devices, and CT scanners, such as police surveillance cameras. Such actors emphasize the necessity to secure devices by updating crucial system applications, features. Install a proper anti-virus program. You should pay close attention to all the parts and possible risk on the device you don't want to remove Conficker in the future.

Besides this utility, anti-malware utilities such as Reimage Reimage Cleaner Intego and Malwarebytes, are practical as well. They might detect minor malicious files which signal a more elaborate threat. Lastly, it is no less important to be aware of the distribution, as well as Conficker removal options. 

Conficker malwareConficker.C worm is the version of a well-known worm that still resides in the cyberspace.

The distribution of malware

The sophisticated method this worm infiltrates the core of computer requires knowledge of `particular Microsoft engineering. This worm discovered new flaws in the Windows operating system and can exploit them to infiltrate the needed machines before users patch those vulnerabilities.

The worm also can disguise its point of origin and hide controllers, malicious files. It even encrypts commands and controls to avoid the shut down by security tools or even IT experts. Another common way to spread such malicious files dropping the worm on the computer involves spam email campaigns and file attachments. Various documents, PDFs and common types like DLLs or EXE files pose as attachments on the email containing legitimate-looking financial message.

These emails look safe due to facts like:

  • familiar company or service name;
  • financial or informational purpose of the email;
  • the email received going to the main email box, not spam.

Focus on Conficker termination and system cleaning with AV tools

When the worm entered the cyberspace and started spreading terror, one of the key questions was whether it was possible to remove Conficker virus. The identity of developers remains a mystery as well as the specific number of still functioning bots.

On the other hand, you should bear in mind that the malware is still present in the virtual space and spreads around the world. Even if you happen to get infected with this computer worm, a variety of anti-virus programs both, professional and less powerful, are capable of detecting the threat[5]. Launch it and start Conficker removal. 

Conficker worm developers can even use the infected machine for more attacks, and current threats can launch a range of different processes.  Although many researchers took over the control of this botnet, they cannot indicate particular instructions and offer remedy for the victim. You need to rely on Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner, Malwarebytes and clean the machine thoroughly from all the malware installed without your permission.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions


  1. Guest says:
    May 12th, 2010 at 4:05 am

    does not work 🙁

Your opinion regarding Conficker.C