Win32/Conficker
Aliases: TA08-297A (other) CVE-2008-4250 (other) VU827267 (other) Win32/Conficker.A (CA) Mal/Conficker-A (Sophos) Trojan.Win32.Agent.bccs (Kaspersky) W32.Downadup.B (Symantec) Trojan-Downloader.Win32.Agent.aqfw (Kaspersky) W32/Conficker.worm (McAfee) Trojan:Win32/Conficker!corrupt (Microsoft) W32.Downadup (Symantec) WORM_DOWNAD (Trend Micro) Confickr (other)
Summary
Microsoft security software detects and removes this threat.
This family of worms can disable several important Windows services and security products. They can also download files and run malicious code on your PC if you have file sharing enabled.
Conficker worms infect PCs across a network by exploiting a vulnerability in a Windows system file. This vulnerability is described and fixed in Security Bulletin MS08-067.
Some worms can also spread via removable drives and by using common passwords.
- Apply the update in Security Bulletin MS08-067.
- Apply the update in Microsoft Knowledgebase Article KB971029.
- Change your passwords, and make them strong.
Use the following free Microsoft software to detect and remove this threat:
- Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find other, hidden malware.
Additional recovery steps
You might not be able to connect to websites related to security applications and services that can help you remove this worm.
Microsoft Help and Support have provided a detailed guide to removing a Conficker infection from an infected PC, either manually or by using the Malicious Software Removal Tool (MSRT).
More information about deploying MSRT in an enterprise environment can be found here:
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
