Aliases: TA08-297A (other), CVE-2008-4250 (other), VU827267 (other), Win32/Conficker.A (CA), Mal/Conficker-A (Sophos), Trojan.Win32.Agent.bccs (Kaspersky), W32.Downadup.B (Symantec), Trojan-Downloader.Win32.Agent.aqfw (Kaspersky), W32/Conficker.worm (McAfee), Trojan:Win32/Conficker!corrupt (Microsoft), W32.Downadup (Symantec), WORM_DOWNAD (Trend Micro), Confickr (other)
This family of worms can disable several important Windows services and security products. They can also download files and run malicious code on your PC if you have file sharing enabled.
Some worms can also spread via removable drives and by using common passwords.
- Apply the update in Security Bulletin MS08-067.
- Apply the update in Microsoft Knowledgebase Article KB971029.
- Change your passwords, and make them strong.
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find other, hidden malware.
Additional recovery steps
You might not be able to connect to websites related to security applications and services that can help you remove this worm.
Microsoft Help and Support has provided a detailed guide to removing a Conficker infection from a PC, either manually or by using the Malicious Software Removal Tool (MSRT).
More information about deploying MSRT in an enterprise environment can be found here:
Get more help
If you’re using Windows XP, see our Windows XP end of support page.