Published Nov 23, 2008 | Updated Sep 15, 2017

Worm:Win32/Conficker.A

Severe |Detected with Windows Defender Antivirus

Aliases: TA08-297A (other) CVE-2008-4250 (other) VU827267 (other) Win32/Conficker.worm.62976 (AhnLab) Trojan.Downloader.JLIW (BitDefender) Win32/Conficker.A (CA) Win32/Conficker.A (ESET) Trojan-Downloader.Win32.Agent.aqfw (Kaspersky) W32/Conficker.worm (McAfee) W32/Conficker.E (Norman) W32/Confick-A (Sophos) W32.Downadup (Symantec) Trojan.Disken.B (VirusBuster)

Summary

Worm:Win32/Conficker.A is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled.
 
Microsoft strongly recommends that users apply the update referred to in  Security Bulletin MS08-067 immediately.
 
Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available here.
 
Microsoft also recommends that users apply an update that changes the AutoPlay functionality in Windows to prevent this worm from spreading via USB drives. More information is available in the Microsoft Knowledgebase Article KB971029.
Microsoft strongly recommends that users apply the update referred to in  Security Bulletin MS08-067 immediately.
 
Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available here .
 
Microsoft also recommends that users apply an update that changes the AutoPlay functionality in Windows to prevent this worm from spreading via USB drives. More information is available in the Microsoft Knowledgebase Article KB971029 .
 
To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
 
Note: Computers infected by Conficker may be unable to connect to web sites related to security applications and services that may otherwise assist in the removal of this worm (for example, downloading antivirus updates may fail). In this case users will need to use an uninfected computer in order to download any appropriate updates or tools and then transfer these to the infected computer.
 
Microsoft Help and Support have provided a detailed guide to removing Win32/Conficker infection from an affected computer, either manually or by using the MSRT (Malicious Software Removal Tool).
 
For detailed instructions on how to manually remove Win32/Conficker, view the following article using an uninfected computer:
http://support.microsoft.com/kb/962007 - Virus alert for Win32/Conficker and manual removal instructions
 
Additional information on deploying MSRT in an enterprise environment can be found here:
http://support.microsoft.com/kb/891716 - Deployment of MSRT in an enterprise environment
Follow us