The Conficker worm was first detected in early November 2008. Since then, five variants have been released – each adding additional functionality to the base worm. The last variant detected in April 2009 exploits a Microsoft vulnerability in the NetBIOS service. The worm is capable of disabling Microsoft Windows Update and also attempts to stop any running anti-virus or anti-malware software. In summary – this is a powerful, smart worm capable of updating itself and easily replicating to other vulnerable systems.
Luckily, there are some easy steps you can take to protect your machine from getting infected by the Conficker worm. We will also cover how to remove the Conficker worm should your computer be infected already.
Protecting Your Computer against Conficker Worm Infection
Following these few steps will ensure your computer remains safe and clear from worms like Conficker.
1) Make sure Windows Automatic Updates is turned on. To do this, go to Start and right-click My Computer (or “Computer” in Windows 7). Select Properties. In Windows XP select Automatic Updates, or in Windows 7 select “Windows Update.” Make sure updates are set to download and install automatically (Figure 1). Most worms and viruses spread through software vulnerabilities in your operating system, so keeping your OS patched goes a long way toward keeping your machine safe.
2) Run an anti-malware program and keep it up to date. Using a tool such as Microsoft Security Essentials (available here) or AVG (available here) will put up a protective barrier that attempts to detect and stop virus and malware attacks. Make sure the tool you use has automatic definition updates to ensure you are protected against the latest threats.
3) Use a firewall at all times. If you have broadband access to the internet, your computer needs a firewall. ZoneAlarm has a free firewall that works well – download here.
4) Avoid “shady” websites and never click on links in spam. Besides OS vulnerabilities, clicking links you shouldn’t is one of the top ways to infect your computer. Use a tool like OpenDNS (here) to automatically inspect the sites you go to and prevent you from going to a known malicious site.
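The settings from steps 1 to 3 can also be checked from a Windows PowerShell prompt, which is useful because the worm disables Windows Update and tries to stop security software. The script below is an added example, not part of the original article; it only reads service state, and the service names (wuauserv, MpsSvc, wscsvc) are standard Windows service names assumed here rather than taken from the article.

```powershell
# Added example: read-only check of the services behind steps 1-3.
# Assumed service names (standard Windows names, not from the article):
#   wuauserv = Windows Update / Automatic Updates
#   MpsSvc   = Windows Firewall (Vista and later; XP uses SharedAccess)
#   wscsvc   = Security Center
$checks = @(
    @{ Name = 'wuauserv'; Label = 'Windows Update';   MustRun = $false },
    @{ Name = 'MpsSvc';   Label = 'Windows Firewall'; MustRun = $true  },
    @{ Name = 'wscsvc';   Label = 'Security Center';  MustRun = $false }
)

function Get-ProtectionServiceStatus {
    param([array]$Checks)

    foreach ($c in $Checks) {
        # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($c.Name)'"

        if (-not $svc) {
            $startMode = '-'; $state = '-'
            $finding = 'WARNING: service not found'
        } elseif ($svc.StartMode -eq 'Disabled') {
            # A disabled update or security service is the symptom to look for.
            $startMode = $svc.StartMode; $state = $svc.State
            $finding = 'WARNING: service is disabled'
        } elseif ($c.MustRun -and $svc.State -ne 'Running') {
            $startMode = $svc.StartMode; $state = $svc.State
            $finding = 'WARNING: service is not running'
        } else {
            $startMode = $svc.StartMode; $state = $svc.State
            $finding = 'OK'
        }

        New-Object PSObject -Property @{
            Service   = $c.Label
            StartMode = $startMode
            State     = $state
            Finding   = $finding
        }
    }
}

Get-ProtectionServiceStatus -Checks $checks |
    Select-Object Service, StartMode, State, Finding |
    Format-Table -AutoSize
```

A warning here is a reason to look closer, not proof of infection; Windows Update is only flagged when disabled because newer Windows versions start it on demand.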
For more information on protecting your computer and home network, read my article on How to Protect Your Home Network From Hackers.
Removing the Conficker Worm
If you were unlucky enough to get your computer infected with the Conficker worm, there is a free tool you can use to remove it.
I’d recommend using the Microsoft Windows Malicious Software Removal Tool. This tool helps remove active running viruses and worms. Note that this tool only targets prevalent malware and does not take the place of a typical anti-malware product.
1) Download the tool from the Microsoft Security site (available here). Be sure to note where you downloaded the file to.
2) Run the tool by double-clicking on it. After a moment the end user license agreement will appear. Click “Accept all terms…” and click Next.
3) Click Next on the welcome screen.
4) Start by running a Quick scan. If malware is detected, you’ll want to re-run the program with a Full scan. Click Next.
5) The scan will start running (Figure 2). After a few minutes, you will be presented with the results (Figure 3). You can click on the link to see detailed results or click Finish to exit the program. If any malware is detected, the tool will continue and attempt to remove the infection. After removal, I would recommend rebooting and re-running the tool with a Full Scan this time to see if anything else pops up.
Your computer should be clean now. If you still encounter issues, you may want to check out Conficker removal tools from some of the popular anti-virus vendors such as Norton or Trend Micro. Also, don’t forget to follow my advice above to make sure this doesn’t happen again!