Subscribe For Free Updates!

We'll not spam mate! We promise.



How to Stop and Remove Conficker

Conficker How to Stop and Remove Conficker
What is Conficker?
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008. The worm propagated through the Internet by exploiting a vulnerability in the network stack of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.
The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.
How to Check if you are Infected by Conficker?
Conficker.B and Conficker.C infections can be detected simply by surfing a web-page.
Conficker.A infections cannot be detected this way. (for Conficker.B or Conficker.C) infection.
How to Remove Conficker?
Below are removal instruction and tools on how to remove conficker.
Removal Instructions
Removal Tools
Conficker Remote Scanners
Conficker Memory Disinfector
It is hard to identify files containing Conficker, because the executables are packed and encrypted. When Conficker runs in memory, it is fully unpacked. Our memory disinfector scans the memory of every running process in the system and terminates Conficker threads without touching the process it runs in. This helps to keep the system services running.
The tool itself and the source code can be downloaded here:
Detecting Conficker Files and Registry
Despite other reports, the file names and registry keys Conficker.B and Conficker.C use are not random. They are calculated on the basis of the hostname. We have developed a tool that you can run on your system to check for Conficker’s Dlls. Unfortunately,Conficker.A really uses random names and can therefore not be found this way.
It is at a very early development stage, but usable. We would be grateful to benefit from your changes if you develop it further.
Tool and source code are here:
Nonficker Vaccination Tool
Conficker uses different global and local mutexes to ensure that only the most up-to-date version is run on the system. This fact can be exploited to scan for and to prevent infections.
We have developed our Nonficker Vaccination dll that can be installed as a system service and pretends to be a running Conficker by registering all mutexes from version .A, .B, and .C (and possibly .D depending which naming scheme you refer to). A setup tool to install the dll as system service is provided as well.
Removal instructions:
  • Open your favorite registry editor (e.g. Start->Run…->regedit.exe->ok)

  • Go to registry key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvcHost

  • Remove the “aaaaanonficker” from the “netsvcs” key

  • Remove registry key and all sibling keys: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesaaaaanonficker

Besides vaccination, the mutexes can be used to scan for local infections. We have developed a small mutex scanner that tells you if you are infected.
Both tools and source code can be downloaded here:
More information on using Network Scanner and Intrusion Detection Signatures. (viaUniversitat Bonn)


  • conficker mem removal tool

  • conficker!mem

  • conficker scr

  • aaaaanonficker

  • Conficker mem

  • w32 conficker mem removal tool

  • nonficker

  • conficker mem removal

  • conficker removal tool

  • conficker!mem removal

Please Give Us Your 1 Minute In Sharing This Post!
Powered By: AdDy FiZzi


  1. Anonymous12:31 PM

    Everyone who is into style depends on a great stylist to look good and help with hair issues and problems.
    Likewise, using imported shampoos and conditioners from a tropical country when your climate is cold and temperate
    is not such a good idea. It is designed for professionals so you know
    you're getting top performance.

    Here is my website; hair products


Really thanks for taking time to leave a comment..