Skip to main content
Microsoft Security Intelligence
Published Dec 29, 2008 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: TA08-297A (other) CVE-2008-4250 (other) VU827267 (other) Win32/Conficker.A (CA) Mal/Conficker-A (Sophos) Trojan.Win32.Agent.bccs (Kaspersky) W32.Downadup.B (Symantec) Confickr (other)


Windows Defender detects and removes this threat.

This worm makes changes to you PC and can disable important system services and security products, like antimalware or antivirus software.

It spreads by infecting PCs on your network, removable drives (like USB flash drives), and weak passwords.

Find out ways that malware can get on your PC.

Microsoft strongly recommends that you:

You should use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Additional recovery steps

You might not be able to connect to websites related to security applications and services that can help you remove this worm. For example, downloading antivirus updates might fail. In this case you will need to use an uninfected PC to download any appropriate updates or tools and then transfer these to the infected PC.

Microsoft Help and Support have provided a detailed guide to removing a Conficker infection from an infected PC, either manually or by using the Malicious Software Removal Tool (MSRT).

More information about deploying MSRT in an enterprise environment can be found here:

Get more help

You can also see our advanced troubleshooting page for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us