Traduzca al Español
Übersetzen Sie zum Deutsch
Traduisez au Français
Traduca ad Italiano
Vertaal aan het Nederlands
Μεταφράστε στα ελληνικά
Översätta till Svensk
ترجمة الى العربية
中文翻译
한국어에게 번역하십시오
日本語に翻訳しなさい 
Traduza ao Português
Переведите к русскому
Conficker Worm is a worm that locks users out of system directories, and blocks your access to security websites and applications, such as Windows Automatic Update Service, Windows Security Center Service, Windows Defender Service (WinDefend), Windows Vista TCP/IP auto-tuning, and more. To further hide its presence in your computer, Conficker Worm deletes any System Restore points you’ve created.
What’s the point?
Conficker Worm wants to remain undetected, as Conficker Worm downloads more malware onto your computer, contacts ISPs to get directions from a hacker, and places your computer in the Conficker Worm botnet.
Unless your PC becoming part of a hacker’s network sounds like fun, let me show you how to get rid of Conficker Worm for free.
You can use my Conficker Worm removal instructions below, or also try Microsoft’s Conficker worm remover software.
GET RID of Conficker Worm
- Manually remove Conficker Worm with step-by-step instructions
- Download Spyware Doctor to automatically remove Conficker Worm
- You can download award-winning, anti-badware software SpywareDoctor to easily remove Conficker Worm. Want to know why I dig SpywareDoctor? Read my review.
Do You Have Conficker Worm?
When you’re infected with badware — whether it’s Conficker Worm, spyware, adware, a Trojan, or a virus — there are a few key symptoms. Have you noticed…
- Slow computer performance: It just takes one parasite like Conficker Worm to slow your computer dramatically. If your PC takes longer than usual to reboot, or if your Internet connection is unusually slow, you may be infected with Conficker Worm.
- New desktop shortcuts or switched homepage: Badware like Conficker Worm may change your Internet settings to redirect your homepage to another site. Badware can even add desktop shortcuts to your PC.
- Annoying popups: Badware can bombard your computer with popup ads, even when you’re not online. Through these popups, you may be tricked into downloading more spyware.
How to Remove Conficker Worm Manually
Before we get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong.
To remove Conficker Worm manually, you need to delete Conficker Worm files. Not sure how to delete Conficker Worm files? Click here, and I’ll show you. Otherwise, go ahead and…
Block Conficker Worm sites:
getmyip.co.uk
checkip.dyndns.org
whatsmyipaddress.com
ahayw.info
ajcminmqpeu.com
anosb.biz
aqgcurmt.net
bdfbobhuls.com
bjmqxoxbmyq.org
bszeu.info
cfcpreiwtgx.net
cpfgbuwqv.biz
cukpubgb.net
dconkp.com
dpxzsrjhsn.org
dtyqryfi.biz
dviwvh.net
dwmpveim.info
dxnlypjjxp.biz
eaguzulxdr.org
ekrohmqa.info
eoblibwqaig.info
epvzvuah.info
ethogxkt.net
euwqeixq.biz
exxcpxm.net
eyjayqmwxxo.org
ezhvnjlvuk.org
fdzwsak.net
gatkcy.org
gceqy.info
ggcnqnr.info
gkmdbporqmp.biz
gmtgpb.org
guiahproe.info
gxepchol.net
gztql.net
haqrcz.com
hkqrhqev.com
hndrijmu.org
hvxmlcc.org
idahdfyojhz.com
ipbdwihw.info
iquvtfhm.net
irhtphctgn.com
ivouyvxaf.net
jfvyipo.info
jhhwydtk.com
jjbuafs.info
jptplynb.org
jutsyu.com
kagvjo.com
kfzksydrct.org
khvdkdjnrhr.biz
ktivtbse.net
lbori.com
ltxbrwfosrg.net
mhjhb.com
mtqcpiwod.biz
nsjmewgdb.com
ntshnjyxfh.net
nxphotp.com
ocykqj.biz
oenjrcaly.net
oororgpkbp.com
ozlqvnkiq.net
palrw.org
pmotqmf.com
pvuxb.info
qffszcfgyzn.org
qfoilcqp.com
qjafgfp.net
rfduzjbztg.biz
riuvunis.info
rlbidexd.org
rntbogfz.biz
rtkrhxsp.biz
ruolomicarp.org
rxytvgkapvw.biz
safxg.net
sdxkcnzcvhd.org
shbyxebiec.biz
srsoeggve.org
tbkmloh.net
tezjm.net
tilazlfn.com
tqlxquy.org
trxho.org
uiiwmmgr.com
upyuqxpmlxt.net
vdunf.net
vtewiyny.info
vuahzmvf.biz
vweoof.org
wkjhjr.com
xehlydgan.net
xmmzcsqm.biz
xtjejduc.org
xxwoteojg.biz
xytbvkrqhu.info
ybhufq.net
yenhbrt.biz
yfczve.info
ylfamhcgn.net
ylzbgyorfy.org
ysxbkquj.info
ythekdrar.net
yudxsol.org
yzbvrteij.biz
yzpjvpkdtq.biz
zjxuw.org
zpqhr.biz
zuuroktw.biz
zzkjecmf.com
Conficker Worm attaches itself to these processes:
explorer.exe
services.exe
Conficker Worm changes these registry keys:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvcHost, netsvcs = %Previous data% and %Random%
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
DisplayName = %ServiceName%
Type = dword:00000020
Start = dword:00000002
ErrorControl = dword:00000000
ImagePath = “%SystemRoot%system32svchost.exe -k netsvcs”
ObjectName = “LocalSystem”
Description = %description%
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices[random]Parameters
ServiceDll = %MalwarePath%
Remove Conficker Worm registry keys:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices{random}”ImagePath” = %SystemRoot%system32svchost.exe -k netsvcs
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters
“TcpNumConnections” = dword:0×00FFFFFE
Get rid of Conficker Worm DLLs:
%Program Files%Internet Explorer[Random].dll
%Program Files%Movie Maker[Random].dll
%All Users Application Data%[Random].dll
%Temp%[Random].dll
Get rid of Conficker Worm files:
%Temp%[Random].tmp
Note: In any Conficker Worm files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Conficker Worm removal, go ahead and leave a comment.
How Do You Remove Conficker Worm Files?
Need help figuring out how to delete Conficker Worm files? While there’s some risk involved, and you should only manually remove Conficker Worm files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Conficker Worm files in Windows.
How to delete Conficker Worm files in Windows XP and Vista:
- Click your Windows Start menu, and then click “Search.”
- A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
- Type a Conficker Worm file in the search box, and select “Local Hard Drives.”
- Click “Search.” Once the file is found, delete it.
How to stop Conficker Worm processes:
- Click the Start menu, select Run.
- Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
- Click Processes tab, and find Conficker Worm processes.
- Once you’ve found the Conficker Worm processes, right-click them and select “End Process” to kill Conficker Worm.
How to remove Conficker Worm registry keys:
Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.
- Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
- Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
- To find a registry key, such as any Conficker Worm registry keys, select “Edit,” then select “Find,” and in the search bar type any of Conficker Worm’s registry keys.
- As soon as Conficker Worm registry key appears, you can delete the Conficker Worm registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
How to delete Conficker Worm DLL files:
- First locate Conficker Worm DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
- To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Conficker Worm DLL file is located. If you’re not sure if the Conficker Worm DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
- When you’ve located the Conficker Worm DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore any Conficker Worm DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.
Did Conficker Worm change your homepage?
- Click Windows Start menu > Control Panel > Internet Options.
- Under Home Page, select the General > Use Default.
- Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
- Select Apply > OK.
- You’ll want to open a fresh web page and make sure that your new default home page pops up.
Conficker Worm Removal Tip
Is your computer acting funny after deleting any Conficker Worm files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.
Want to save time finding Conficker Worm files? Download Spyware Doctor, let it find the Conficker Worm files for you, and then manually delete Conficker Worm files.
How Did You Get Conficker Worm?
Wondering how Conficker Worm ended up on your PC? If you’re infected with Conficker Worm or other badware, perhaps you were using…
- Freeware or shareware: Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like Conficker Worm. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly attached to free software to harm your computer and steal your personal and financial information.
- Peer-to-peer software: Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Conficker Worm.
- Questionable websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, badware may be automatically downloaded and installed onto your computer, sometimes including applications like Conficker Worm. I recommend you use Firefox web browser, if you don’t already.
Understanding Conficker Worm
If you’re infected with Conficker Worm, you should know what you’re fighting. I’ll explain some definitions related to Conficker Worm.
Conficker Worm May Be a Worm
Worms are virus-like badware with destructive codes. Worms are able to mutate, or replace their own code by automatically, which makes worms very dangerous, difficult to find, and hard to delete. Similar to viruses, worms can spread to the other computers by secretly and automatically emailing themselves to other Internet users in your address book. The main difference between worms and viruses is that a worm wil replace your computer files rather than simply inserting their code into your files.
Conficker can be deleted by following the manual steps given here
Find the virus service and delete the service dll. It is easy.
About removing Conficker – read also here:
http://network-safety.blogspot.com
Hey, I can not figure this stupid thing out. I have been working on the computer forever. If anyone could possibly give directions that anyone could follow. I am pretty good with computers but do not know very much technical things. I don’t know what many of the words used in the article on the left. Please email me step to step idiot proof instructions to sheryl02@telus.net. Thank you that would really make my week. (I simply couldn’t understand the article on the left very well)
I thought you might like to know how my son finally got rid of users\——-\appdata\roaming\ksbun.dll – that stubborn downadup virus (is this the one called conficker too?)
ALL attempts to DELETE it failed, since it hadn’t actually infiltrated the system and started doing it’s devious stuff. It was just sitting there (awaiting an opportunity) and whilst it wasn’t yet preventing me from accessing the net etc (my antivirus software was blocking it) it WAS driving me mad by ATEMPTING to infect my pc (constant messages popping up telling me the malware had been blocked).
I don’t know about you, but that in itself didn’t make me feel very safe – I am a complete novice where computers are concerned, SO…..still very bothered by its presence, I called in my son (not a complete novice!!!)
What he did was:
[1] He tried to save a text file to the same location: users\——-\appdata\roaming\ksbun.dll of course it told him the file already existed and wouldn’t allow him to replace the existing file – confirmation the file was there, although it could NOT BE SEEN.
[2] The next thing he did was booted the pc in safe mode with command prompt. Then browsed to the appdata roaming folder in the command prompt and typed edit ksbun.dll to open the file. It appeared to be an assembly, so he tried to delete it via del ksbun.dll; This failed as the assembly has limited attributes. At this point he could have tried changing the attributes and deleting, but instead:
[3] He burnt a linux live cd (took a few minutes from a portable hard drive he always keeps handy with linux all ready to go), booted the computer into linux and browsed to the appdata roaming folder on the hard disk.
[4] There it could be viewed LARGE AS LIFE (and just as complicated) as the virus doesn’t run in linux – something you guys already know about no doubt.
[5] He deleted the file ksbun.dll. Booted back into windows and no more virus!
I did have to switch my pc on and off a couple of times after he had left as it seemed a little confused where to boot up from.
No Problem now – AND NO MORE VIRUS !!
This is something I wouldn’t try myself of course – but I’m sure some of you out there with the same problem and an analytical mind (unlike me) could do the same as he did. It worked for me, and I have had NO funny stuff going on since – my antivirus scan comes up clean now (where it didn’t before), so if all else fails………
I don’t know if this was an overly complicated solution, but enough time had been spent downloading loads of programmes that either didn’t find it, or just couldn’t remove it.
ALWAYS ASK AN EXPERT FIRST- I am just an ordinary mum (much happier now) -my son is a programmer.
Good luck
Hey Up Guys – My son has got rid of the conficker virus that hadn’t actually infiltrated my PC.
So (thankfully) I don’t need any tips now !!! Hooray!
Hello Guys, is there anyone out there that knows how to find w32.downadup when it is sitting there trying to access the system (my antivirus is blocking it but it’s driving me crazy as I am continuously getting the pop up telling me it’s trying to invade). It seems that it is easy to remove it, once the pc is infected. My antivirus software team have run through lots of stuff with me (I am a complete novice) but NOTHING works as the file supposedly found in Users\Kathy\AppData\roaming\ksbun.dll cannot be found! Does this really mean I have to reformat the pc or does somebody know how to find it AND remove it without going through all that? My son (quite a bit smarter than me) tells me it renames itself and that’s why it can’t be located.
Since you have shut to down explorer.exe, how do you propose to keep working – is the new version that pops out now “clean”?
I wonder whether instructing people to remove random DLLs from their system directory is going to cause more damage than the actual worm itself.
I can’t find any conficker worm files when I search for the files. Any others that you have?
I found great step by step guide to remove conficker by this technology blog
http://www.livecrunch.com/2009.....cker-worm/
thank you very this give us more help and more power