How to remove the Downadup and Conficker worm
by Marianna Schmudlach - 1/24/09 8:44 AM
Thanks to Grinler for the instructions !
What this programs does:
The Downadup, or Conficker, infection is a worm that predominantly spreads via exploiting the MS08-067 Windows vulnerability, but also includes the ability to infect other computers via network shares and removable media. Not since the Sasser and MSBlaster worms have we seen such a widespread infection as we are seeing with the Downadup worm. In fact, according to anti-virus vendor, F-Secure, the Downadup worm has infected over 8.9 million infected computers. Microsoft has addressed the problem by releasing a patch to fix the Windows vulnerability, but there are still many computers that do not have this patch installed, and thus the worm has been able to propagate throughout the world.
When installed, Conficker / Downadup will copy itself to your C:\Windows\System32 folder as a random named DLL file. If it has problems copying itself to the System32 folder, it may instead copy itself to the %ProgramFiles%\Internet Explorer or %ProgramFiles%\Movie Maker folders. It will then create a Windows service that automatically loads this DLL via svchost.exe, which is a legitimate file, every time you turn on your computer. The infection will then change a variety of Windows settings that will allow it to efficiently infect other computers over your network or the Internet.