Conficker Worm is a worm that locks users out of system directories, and blocks your access to security websites and applications, such as Windows Automatic Update Service, Windows Security Center Service, Windows Defender Service (WinDefend), Windows Vista TCP/IP auto-tuning, and more. To further hide its presence in your computer, Conficker Worm deletes any System Restore points you’ve created.
What’s the point?
Conficker Worm wants to remain undetected, as Conficker Worm downloads more malware onto your computer, contacts ISPs to get directions from a hacker, and places your computer in the Conficker Worm botnet.
Unless your PC becoming part of a hacker’s network sounds like fun, let me show you how to get rid of Conficker Worm for free.
You can use my Conficker Worm removal instructions below, or also try Microsoft’s Conficker worm remover software.
GET RID of Conficker Worm
* Manual Removal: step-by-step instructions to remove Conficker Worm
* Automatic Removal: easily remove Conficker Worm with software
Do You Have Conficker Worm?
When you’re infected with badware — whether it’s Conficker Worm, spyware, adware, a Trojan, or a virus — there are a few key symptoms. Have you noticed…
* Slow computer performance: It just takes one parasite like Conficker Worm to slow your computer dramatically. If your PC takes longer than usual to reboot, or if your Internet connection is unusually slow, you may be infected with Conficker Worm.
* New desktop shortcuts or switched homepage: Badware like Conficker Worm may change your Internet settings to redirect your homepage to another site. Badware can even add desktop shortcuts to your PC.
* Annoying popups: Badware can bombard your computer with popup ads, even when you’re not online. Through these popups, you may be tricked into downloading more spyware.
How to Remove Conficker Worm Manually
Conficker Worm warning Before we get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong.
To remove Conficker Worm manually, you need to delete Conficker Worm files. Not sure how to delete Conficker Worm files? Click here, and I’ll show you. Otherwise, go ahead and…
Block Conficker Worm sites:
hgetmyip.org
getmyip.co.uk
checkip.dyndns.org
whatsmyipaddress.com
ahayw.info
ajcminmqpeu.com
anosb.biz
aqgcurmt.net
bdfbobhuls.com
bjmqxoxbmyq.org
bszeu.info
cfcpreiwtgx.net
cpfgbuwqv.biz
cukpubgb.net
dconkp.com
dpxzsrjhsn.org
dtyqryfi.biz
dviwvh.net
dwmpveim.info
dxnlypjjxp.biz
eaguzulxdr.org
ekrohmqa.info
eoblibwqaig.info
epvzvuah.info
ethogxkt.net
euwqeixq.biz
exxcpxm.net
eyjayqmwxxo.org
ezhvnjlvuk.org
fdzwsak.net
gatkcy.org
gceqy.info
ggcnqnr.info
gkmdbporqmp.biz
gmtgpb.org
guiahproe.info
gxepchol.net
gztql.net
haqrcz.com
hkqrhqev.com
hndrijmu.org
hvxmlcc.org
idahdfyojhz.com
ipbdwihw.info
iquvtfhm.net
irhtphctgn.com
ivouyvxaf.net
jfvyipo.info
jhhwydtk.com
jjbuafs.info
jptplynb.org
jutsyu.com
kagvjo.com
kfzksydrct.org
khvdkdjnrhr.biz
ktivtbse.net
lbori.com
ltxbrwfosrg.net
mhjhb.com
mtqcpiwod.biz
nsjmewgdb.com
ntshnjyxfh.net
nxphotp.com
ocykqj.biz
oenjrcaly.net
oororgpkbp.com
ozlqvnkiq.net
palrw.org
pmotqmf.com
pvuxb.info
qffszcfgyzn.org
qfoilcqp.com
qjafgfp.net
rfduzjbztg.biz
riuvunis.info
rlbidexd.org
rntbogfz.biz
rtkrhxsp.biz
ruolomicarp.org
rxytvgkapvw.biz
safxg.net
sdxkcnzcvhd.org
shbyxebiec.biz
srsoeggve.org
tbkmloh.net
tezjm.net
tilazlfn.com
tqlxquy.org
trxho.org
uiiwmmgr.com
upyuqxpmlxt.net
vdunf.net
vtewiyny.info
vuahzmvf.biz
vweoof.org
wkjhjr.com
xehlydgan.net
xmmzcsqm.biz
xtjejduc.org
xxwoteojg.biz
xytbvkrqhu.info
ybhufq.net
yenhbrt.biz
yfczve.info
ylfamhcgn.net
ylzbgyorfy.org
ysxbkquj.info
ythekdrar.net
yudxsol.org
yzbvrteij.biz
yzpjvpkdtq.biz
zjxuw.org
zpqhr.biz
zuuroktw.biz
zzkjecmf.com
Conficker Worm attaches itself to these processes:
svchost.exe
explorer.exe
services.exe
Conficker Worm changes these registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHO WALLCheckedValue = dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
DisplayName = %ServiceName%
Type = dword:00000020
Start = dword:00000002
ErrorControl = dword:00000000
ImagePath = “%SystemRoot%\system32\svchost.exe -k netsvcs”
ObjectName = “LocalSystem”
Description = %description%
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random]\Parameters
ServiceDll = %MalwarePath%
Remove Conficker Worm registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\”ServiceDll” = “Path to worm”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\”ImagePath” = %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
“TcpNumConnections” = dword:0×00FFFFFE
Get rid of Conficker Worm DLLs:
%System%\[Random].dll
%Program Files%\Internet Explorer\[Random].dll
%Program Files%\Movie Maker\[Random].dll
%All Users Application Data%\[Random].dll
%Temp%\[Random].dll
Get rid of Conficker Worm files:
%System%\[Random].tmp
%Temp%\[Random].tmp
Note: In any Conficker Worm files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Conficker Worm removal, go ahead and leave a comment.
How Do You Remove Conficker Worm Files?
Need help figuring out how to delete Conficker Worm files? While there’s some risk involved, and you should only manually remove Conficker Worm files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Conficker Worm files in Windows.
How to delete Conficker Worm files in Windows XP and Vista:
1. Click your Windows Start menu, and then click “Search.”
2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
3. Type a Conficker Worm file in the search box, and select “Local Hard Drives.”
4. Click “Search.” Once the file is found, delete it.
How to stop Conficker Worm processes:
1. Click the Start menu, select Run.
2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
3. Click Processes tab, and find Conficker Worm processes.
4. Once you’ve found the Conficker Worm processes, right-click them and select “End Process” to kill Conficker Worm.
How to remove Conficker Worm registry keys:
Conficker Worm warning Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.
1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
3. To find a registry key, such as any Conficker Worm registry keys, select “Edit,” then select “Find,” and in the search bar type any of Conficker Worm’s registry keys.
4. As soon as Conficker Worm registry key appears, you can delete the Conficker Worm registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
How to delete Conficker Worm DLL files:
1. First locate Conficker Worm DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Conficker Worm DLL file is located. If you’re not sure if the Conficker Worm DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
3. When you’ve located the Conficker Worm DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore any Conficker Worm DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.
Did Conficker Worm change your homepage?
1. Click Windows Start menu > Control Panel > Internet Options.
2. Under Home Page, select the General > Use Default.
3. Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
4. Select Apply > OK.
5. You’ll want to open a fresh web page and make sure that your new default home page pops up.
Conficker Worm Removal Tip
Is your computer acting funny after deleting any Conficker Worm files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.
Want to save time finding Conficker Worm files? Download SpyHunter’s free spyware scanner, let it find the Conficker Worm files for you, and then manually delete Conficker Worm files.
How Did You Get Conficker Worm?
Wondering how Conficker Worm ended up on your PC? If you’re infected with Conficker Worm or other badware, perhaps you were using…
* Freeware or shareware: Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like Conficker Worm. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly attached to free software to harm your computer and steal your personal and financial information.
* Peer-to-peer software: Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Conficker Worm.
* Questionable websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, badware may be automatically downloaded and installed onto your computer, sometimes including applications like Conficker Worm. I recommend you use Firefox web browser, if you don’t already.
Understanding Conficker Worm
If you’re infected with Conficker Worm, you should know what you’re fighting. I’ll explain some definitions related to Conficker Worm.
Conficker Worm May Be a Worm
Worms are virus-like badware with destructive codes. Worms are able to mutate, or replace their own code by automatically, which makes worms very dangerous, difficult to find, and hard to delete. Similar to viruses, worms can spread to the other computers by secretly and automatically emailing themselves to other Internet users in your address book. The main difference between worms and viruses is that a worm wil replace your computer files rather than simply inserting their code into your files.
Support us by making a link back to this post or simply bookmark this post for us. |
0 comments on "Whats a Conficker Worm ?"
Subscribe in a Reader
Post a Comment