Skip to main content
Skip to main content
Microsoft Security Intelligence
Published Jan 07, 2009 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: TA08-297A (other) CVE-2008-4250 (other) VU827267 (other) Win32/Conficker.A (CA) Mal/Conficker-A (Sophos) Trojan.Win32.Agent.bccs (Kaspersky) W32.Downadup.B (Symantec) Trojan-Downloader.Win32.Agent.aqfw (Kaspersky) W32/Conficker.worm (McAfee) Trojan:Win32/Conficker!corrupt (Microsoft) W32.Downadup (Symantec) WORM_DOWNAD (Trend Micro) Confickr (other)


Microsoft security software detects and removes this threat.

This family of worms can disable several important Windows services and security products. They can also download files and run malicious code on your PC if you have file sharing enabled.

Conficker worms infect PCs across a network by exploiting a vulnerability in a Windows system file. This vulnerability is described and fixed in Security Bulletin MS08-067.

Some worms can also spread via removable drives and by using common passwords.

Find out ways that malware can get on your PC.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Additional recovery steps

You might not be able to connect to websites related to security applications and services that can help you remove this worm.

Microsoft Help and Support have provided a detailed guide to removing a Conficker infection from an infected PC, either manually or by using the Malicious Software Removal Tool (MSRT).

More information about deploying MSRT in an enterprise environment can be found here:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us