Aliases: No associated aliases
Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE).
If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread through removable drives and weak administrator passwords. It disables several important system services and security products.
Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.
Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available here.
Microsoft also recommends that users apply an update that changes the AutoPlay functionality in Windows to prevent this worm from spreading via USB drives. More information is available in the Microsoft Knowledgebase Article KB971029 .
Use the following free Microsoft software to detect and remove this threat:
- Windows Defender Antivirus for Windows 8.1 and Windows 10, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
You should also run a full scan. A full scan might find hidden malware.
This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. You can disable Autorun to prevent worms from spreading:
Scan removable drives
Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:
Use cloud protection
The Microsoft Active Protection Service (MAPS) uses cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10.
Get more help
You can also see our advanced troubleshooting page for more help.
If you’re using Windows XP, see our Windows XP end of support page.