Don't fret about Conficker: Here's what to do

Mar 31, 2009 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- The Conficker worm, a nasty computer infection that has poisoned millions of PCs, will start ramping up its efforts Wednesday to use those machines for cybercrimes. It's unclear whether everyday PC users will even notice, but this is as good an excuse as any to make sure your computer is clean.

There are some easy ways to figure out whether a computer has the Conficker worm, and free tools available for getting rid of it.

One scary thing about Conficker is that it spreads without human involvement, moving from PC to PC by exploiting a security hole in Corp.'s operating system. The hole was fixed in October, but if your computer doesn't get automatic updates from Microsoft, you could be vulnerable.

Lots of computer worms disable antivirus software outright, which can be a tip-off that something is wrong. But Conficker doesn't do that. Instead, Conficker blocks infected PCs from accessing the antivirus vendors' and Microsoft's Web sites, so victims won't get automatic updates and can't download the Conficker removal tools that those companies have developed.

So see what Web sites you can visit. If you can navigate the Internet freely except for sites owned by Microsoft or antivirus vendors such as Symantec Corp., McAfee Inc. or F-Secure Corp., your PC might have Conficker or a similar bug.

Fixing the problem gets a little trickier.

The best remedy is to have a friend - whose computer is not infected - download a removal tool from Microsoft or one of the antivirus vendors. Then that person should e-mail the tool to you.

A list of the free Conficker removal programs is available on the Web site of the Conficker Working Group, an alliance of companies fighting the worm. The removal programs will take care of themselves, for the most part, scanning your system and purging the worm.

One thing to note: Conficker blocks infected machines from running removal tools with "Conficker" in the name. So users might have to change the name of the file (one you've saved the tool to your desktop, right-click on it and select "rename") before running it. The program's instructions will let you know if you need to do this. Many antivirus vendors have already changed the names in their removal tools - in some cases calling the file a misspelled variant of "Conficker" - to trick the worm into letting the program run.

Businesses have a bigger challenge, because Conficker has yet another method for evading detection. Once the worm is inside a machine, it applies its own version of the Microsoft patch that fixes the vulnerability Conficker exploited in the first place. So a business running a standard network scan, looking for unpatched machines, might come up empty-handed, even though some computers on the network are infected.

The scans need to take a deeper dive into the machines on the network - something an antivirus vendor's service should enable. For government agencies, contractors and operators of critical infrastructure, the Department of Homeland Security also has released a network-detection tool for Conficker.


On the Net:

List of Conficker removal programs:

Homeland Security's announcement of its detection tool:

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Encryption made easier: Just talk like a parent

Related Stories

Conficker Worm Prepares For A New Release On April 1

Mar 27, 2009

( -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over ...

Help! How to avoid fast-moving computer worm

Jan 28, 2009

Since early January, a worm that has been referred to by several names, including "Downadup," "Kido" and "Conficker," has been infecting millions of computers around the world. The worm exploits a previously discovered vulnerability ...

Protecting your Computer: Part 3 – AntiVirus

Jan 11, 2006

by Philip Dunn [ Part 1 ] [ Part 2 ] Almost everybody is aware of the need for Antivirus software, so this article will concentrate on installation issues and virus removal. ...

Recommended for you

Solar Impulse 2 pilot becomes aviation legend

8 hours ago

At 62 years of age, Swiss Solar Impulse 2 pilot Andre Borschberg has made aviation history with a record breaking solo flight across the Pacific that he has called "an interior journey".

Facegloria: Facebook for Brazil's Evangelicals

8 hours ago

Fluffy clouds waft across a blue sky as you log in and while you chat with friends, Gospel music rings out: welcome to Facegloria, the social network for Brazilian Evangelicals.

Mexico City proposes regulations for Uber

8 hours ago

Mexico City is proposing regulations that would allow Uber and other smartphone-based ride-sharing apps to operate, while requiring drivers and cars to be registered, the city's Office of Legal and Legislative Studies said ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Apr 01, 2009
It's first well written worm (grats to it's author) since a long time and the ease with which it exploits the pathetic m$ code is really impressive. Just look at the damage it was able to do (from wiki):

Experts say it is the worst infection since 2003's SQL Slammer.[18] Estimates of the number of computers infected range from almost 9 million PCs[19][20] to 15 million computers.[21] The initial rapid spread of the worm has been attributed to the number of Windows computers%u2014estimated at 30%%u2014which have yet to apply the Microsoft MS08-067 patch.[22]

Another antivirus software vendor, Panda Security, reported that of the 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with this malware.[23]

Intramar, the French Navy computer network, was infected with Conficker in 15 January 2009. The network was subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight plans could not be downloaded.[24]

The U.K. Ministry of Defence reported that some of its major systems and desktops were infected. The worm has spread across administrative offices, NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield reported infection of over 800 computers.[25][26]

On 13 February 2009, the Bundeswehr reported that about one hundred of their computers were infected.

It's pathetic that a virus manages to infiltrate such critical military and government targets! Those institutions should know better then to rely on m$ piece of shit code and this virus is an obvious sign they do something VERY wrong!

Computers are here to stay and governments need to adopt secure and stable solutions which do not depend on a bunch of worst programmers on this planet.

5 / 5 (1) Apr 01, 2009

It's pathetic that a virus manages to infiltrate such critical military and government targets! Those institutions should know better then to rely on m$ piece of shit code and this virus is an obvious sign they do something VERY wrong!

Computers are here to stay and governments need to adopt secure and stable solutions which do not depend on a bunch of worst programmers on this planet.

The problem is that Windows is a flawed OS! Linux does not suffer from these problems. I have NEVER had a virus, worm, or other on my machine since switching over to it. I do have an anti-virus installed to scan out-going messages, so none piggy-back on any of my out-going emails to my "Windows dependent" friends, but it has never found anything. Poor Windows users :(

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.