Conficker Virus Patch, Protection, and Removal

How can I prevent the Conficker virus?
Though there is no guarantee, the following steps will help prevent the virus:

1. Download this patch from Microsoft.

2. Install quality antivirus software like Bitdefender and make sure Real-time Protection is enabled.

3. A more drastic step is to disable Windows Autorun feature, but this requires editing the registry. Please be aware that editing the registry can be dangerous if you do not know what you are doing and if you are not careful, you could end losing data or rendering your computer useless. Before editing the registry, you should make a full backup of the registry, this is explained here. If you are comfortable with editing the registry, you can follow the directions in this article to disable the Autorun feature.

What is the Conficker Virus?
The Conficker virus, also known as Kido, Downup, or Downadup is a widely spread malicious worm designed to take control of your computer, steal passwords, remotely access your files, as well as download additional malware. The worm has the ability to disable important Windows Security features such as Automatic Updates, Windows Defender, and Background Intelligent Transfer Service. The Conficker virus can also block access to antivirus and security related websites as well as attempt to replicate itself to other computers through a network connection. Around 10 million computers have been infected to date and is still spreading and mutating rapidly.

How does it spread?
The Conficker virus can spread via the internet using a vulnerability in Windows (if it hasn’t been patched - see below). It can also spread via network shares and removable USB drives and memory sticks.

How do I know that my computer is infected?
Here are a some signs that your computer is infected:

1. Automatic updates and/or Background Intelligent Transfer Service have been disabled without your permission. You can determine if these services have been stopped disabled by going to Control Panel -> Administrative Tools -> Services

2. If you try to go to certain antivirus company websites such as mcafee.com, symantec.com, avg.com, the pages will not load.

3. You may see an Autoplay window appear on your screen that looks similar to the screenshot below:

Notice the option “Open folder to view files. Publisher not specified” this was added by the worm. The highlighted option “Open folder to view files using Windows Explorer” is the typical option provided by Windows:

How can I remove the Conficker virus if my computer has been infected?
If your computer is already infected with the Conficker worm, here is a Conficker-specific removal tool from BitDefender.

If you are interested in a complete security solution to protect your computer from future virus and malware attacks, we recommend BitDefender. You can see our full review here.