Aliases: TA08-297A (other) CVE-2008-4250 (other) VU827267 (other) Win32/Conficker.A (CA) Mal/Conficker-A (Sophos) Trojan.Win32.Agent.bccs (Kaspersky) W32.Downadup.B (Symantec) Trojan-Downloader.Win32.Agent.aqfw (Kaspersky) W32/Conficker.worm (McAfee) Trojan:Win32/Conficker!corrupt (Microsoft) W32.Downadup (Symantec) WORM_DOWNAD (Trend Micro) Confickr (other)
Microsoft security software detects and removes this threat.
This family of worms can disable several important Windows services and security products. They can also download files and run malicious code on your PC if you have file sharing enabled.
Conficker worms infect PCs across a network by exploiting a vulnerability in a Windows system file. This vulnerability is described and fixed in Security Bulletin MS08-067.
Some worms can also spread via removable drives and by using common passwords.
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find other, hidden malware.
You might not be able to connect to websites related to security applications and services that can help you remove this worm.
Microsoft Help and Support have provided a detailed guide to removing a Conficker infection from an infected PC, either manually or by using the Malicious Software Removal Tool (MSRT).
More information about deploying MSRT in an enterprise environment can be found here:
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.