Aliases: TA08-297A (other) CVE-2008-4250 (other) VU827267 (other) Conficker B++ (other)
Windows Defender detects and removes this threat.
This worm spreads by infecting computers on your network, removable drives (such as USB flash drives), and weak passwords.
It disables important system services and security products, such as antimalware or antivirus software.
Apply the update in Microsoft Knowledgebase Article KB971029 that changes the Autoplay functionality in Windows.
To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
If your computer is infected by Conficker, it might not be unable to connect to websites related to security applications and services that can help remove it (for example, downloading antivirus updates may fail). In this case you will need to use an uninfected computer to download any appropriate updates or tools and then transfer these to the infected computer.
Microsoft Help and Support has provided a detailed guide to removing a Conficker infection from an affected computer, either manually or by using the Malicious Software Removal Tool (MSRT).
For detailed instructions on how to manually remove Conficker, view the following article using an uninfected computer:
More information about deploying MSRT in an enterprise environment can be found in the following article: