

Combating the W32/Conficker.worm

A number of customers have requested further information on the W32/Conficker.worm and a proactive response to this threat. This page has been produced to provide extensive information, prevention, and resolution documentation, but please don't hesitate to contact us if you have any further questions or concerns.

What is Conficker?
Conficker is a computer worm that targets unpatched Microsoft Windows operating systems and attacks port 445 (Microsoft Directory Service).

What are the Symptoms?
Symptoms are varied, but predominantly are:

  • No access to security-related sites.
  • Users being locked out of machines.
  • Traffic on port 445 on non-Directory Service (DS) servers.
  • No access to a machine's admin shares.
  • Autorun.inf files in the recycled directory.

    How can I protect myself?
    Keep your Windows systems patched. Conficker first surfaced in November and exploited a vulnerability that was patched in October. If you are not sure whether you are patched, visit Microsoft here: http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

    Why all the fuss?
    Nobody really knows what the plans are for Conficker, but it is now reckoned to be one of the largest botnets in existence, and it has grown extremely rapidly. There is a very informative article about where Conficker came from, and where it is going here

     

    Detecting an Infection

    If you are not sure whether your network has been affected, I would recommend McAfee's detection tool, which should flag up any infected machines on your network. Even if you don't think you are infected, this is worth running just to make sure.
    Download
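
The port 445 symptom listed above can also be checked from connection logs. The following is an added example, not part of the original page or of any vendor tool; the four-field log format, the sample records, the DS_SERVERS allow-list and the min_targets threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real data): time, source, destination, dest port.
SAMPLE_LOG = """\
2009-04-01T09:00:01 10.0.0.21 10.0.0.5 445
2009-04-01T09:00:02 10.0.0.21 10.0.0.6 445
2009-04-01T09:00:03 10.0.0.37 10.0.0.40 445
2009-04-01T09:00:03 10.0.0.37 10.0.0.41 445
2009-04-01T09:00:04 10.0.0.37 10.0.0.42 445
2009-04-01T09:00:04 10.0.0.37 10.0.0.5 445
2009-04-01T09:00:05 10.0.0.22 10.0.0.40 80
malformed line
2009-04-01T09:00:06 10.0.0.23 10.0.0.44 445
"""

# Assumption: the servers that legitimately accept port 445 traffic on this network.
DS_SERVERS = {"10.0.0.5", "10.0.0.6"}


def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[1], parts[2], int(parts[3])


def suspicious_445(text, ds_servers, min_targets=2):
    """Map each source to the non-DS hosts it contacted on port 445.

    Only sources reaching at least min_targets distinct non-DS hosts are
    returned, so a single stray connection does not raise an alert.
    """
    targets = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port == 445 and dst not in ds_servers:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for src, dsts in suspicious_445(SAMPLE_LOG, DS_SERVERS).items():
        print(f"{src}: port 445 traffic to non-DS hosts {', '.join(dsts)}")
```

Hosts flagged this way are candidates for a scan with the detection tool above, not confirmed infections.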

    Removing an Infection

    If you think you might have systems infected with Conficker, now is the time to act. Conficker.c was set to call the "Control Servers" on the 1st of April, but due to the sheer volume of URLs it is programmed to contact (50,000 in total at 500 per day), it should be a few days before all the infected machines have made contact. There are a number of tools available to scan for Conficker:

    McAfee Stinger for W32/Conficker Download

    Symantec Conficker Removal Tool Download

    Trend Micro Sysclean Download

    Microsoft's Conficker advice is available here

    We hope this page and the links provided were of use to you. If you have any questions, please call us on 01628 829290 and we'll be happy to help in whatever way we can.

    Copyright © 2010, AVR International Ltd. All rights reserved.