Mar 30 2009
Conficker/Downadup detection and removal
Despite the recent hype, odds are you won’t get hit by the Conficker virus. See the earlier post on “The Conficker/Downadup panic” for background. However, if you’ve been remiss with your security updates or let your antivirus protection lapse, here are some techniques to check for and, if necessary, remove Conficker…
First off, the Conficker Working Group maintains a list of detection and repair tools that will deal with Conficker. If you suspect a Conficker infection, or just want to double-check, this is a good starting point. (Personally, I like ESET’s tool, but any of them should work fine.)
Update: The Conficker Working Group list is overloaded/inaccessible this morning (April 1). Here is a list of direct Conficker detection and removal tool links to try:
- ESET
- Kaspersky
- F-Secure
- McAfee
- Microsoft Malicious Software Removal Tool
- Sophos
- Sunbelt Software
- Symantec
- TrendMicro
However, the most recent variant of Conficker, Conficker.C, added a nasty trick. It blocks a long list of places offering detection and removal information and tools. This includes all the significant antivirus vendors, as well as Microsoft’s security-related material. If you cannot get to the above download links, but you can reach someplace routine like Google, you’ve likely got a problem.
You should also go to the control panel and launch Windows Security Center. If Windows Security Center is not working, that’s another red flag.
Neither of the above tests necessarily indicates a Conficker.C infection; there are other, nastier viruses that exhibit the same behavior. But failing one or both definitely means it’s time for some housecleaning.
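The reachability comparison described above can be scripted. This is an added example, not part of the original post: it compares name lookups for security-vendor sites against a routine control site. The hostnames are assumptions (the post's download links were not preserved), and so are the use of DNS resolution as the probe and the "half or more blocked" threshold.

```python
import socket

# Assumed hostnames for vendors named in the post (constructed list, not the post's links).
SECURITY_HOSTS = [
    "www.eset.com", "www.kaspersky.com", "www.f-secure.com", "www.mcafee.com",
    "www.microsoft.com", "www.sophos.com", "www.symantec.com", "www.trendmicro.com",
]
CONTROL_HOSTS = ["www.google.com"]  # the post's "someplace routine"


def resolves(host):
    """Default probe: True if the system resolver returns an address for host."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(security_hosts=SECURITY_HOSTS, control_hosts=CONTROL_HOSTS, probe=resolves):
    """Return (verdict, blocked_hosts) for the differential reachability test.

    inconclusive: no control site reachable, so the network itself may be down
    ok:           every security site reachable
    partial:      fewer than half blocked (a single site may just be overloaded)
    red-flag:     half or more blocked while the control site works
    """
    blocked = [h for h in security_hosts if not probe(h)]
    if not any(probe(h) for h in control_hosts):
        return "inconclusive", blocked
    if not blocked:
        return "ok", blocked
    if 2 * len(blocked) >= len(security_hosts):
        return "red-flag", blocked
    return "partial", blocked


if __name__ == "__main__":
    verdict, blocked = assess()
    print(verdict)
    for host in blocked:
        print("  blocked:", host)
```

A "red-flag" result carries the same caveat as the manual test: it calls for a scan with a removal tool, not a conclusion that Conficker.C specifically is present.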
BitDefender put up a web page very recently that is not blocked by Conficker.C and where you can download a general Conficker detection and removal tool. You can find it here: http://www.bdtools.net/. (Update: I’ve got a report that the BitDefender application may generate some false alarms. For now, it is probably best to use this tool only if you can’t reach any of the links listed above.)
Finally, the Windows Secrets Newsletter published a must-read article today titled “Run a Conficker removal tool before April 1”. You should read this for additional background and a more detailed discussion on Conficker detection and removal. (Well, OK, I have some problems with their recommendations regarding security suites, but it is still a first-rate write-up.)
If you have any questions, please feel free to get in touch. See the “Contact Us” section of the sidebar for information on how to do this.