How to update your PC and remove Conficker from WindowsSecrets.com
The following steps should prevent infection by Conficker and eliminate the worm, if your PC has it. One positive side effect is that you’ll enjoy a computer with up-to-date patches:
- Step 1. Attempt to run Microsoft Update. The Conficker worm can infect vulnerable computers merely by connecting to them remotely via the Internet. For this reason, you should first try to patch Windows before removing Conficker, lest your machine quickly become infected again. It’s particularly important to install Microsoft patch 958644 (security bulletin MS08-067). This patch closes a hole in Windows’ Remote Procedure Call, which Conficker exploits.If you can’t find Microsoft Update (or the more limited Windows Update) on your PC’s Start menu, visit the Microsoft Update page on the Web. Internet Explorer is required.Microsoft Update might complete successfully, or you might not be able to access Microsoft.com at all. In either case, do Step 2.
- Step 2. Attempt to update your third-party security software. Having the latest antivirus signatures will help eradicate Conficker and other malware that may be lurking on your PC. Use your security software’s menu to manually update to the latest defenses.Have no security software? Read the WS Security Baseline, which summarizes the products that are currently rated the highest by respected reviewers.• If your updated security software deems your PC to be cleaned up, but you couldn’t previously access Microsoft.com, go back to Step 1 and run Microsoft Update.• If you couldn’t access your security vendor’s site at all, do Step 3.• If you finished both Steps 1 and 2 successfully, you should be able to skip Step 3 and do Step 4.
- Step 3 (optional). Run a standalone Conficker removal tool, if need be. The Conficker Working Group — a coalition of Microsoft, Cisco, SRI, F-Secure, Kaspersky, and many other security vendors — maintains a list of certified detection and repair tools, any of which should remove Conficker. (My thanks to Susan Bradley for her help with this tip.)Unfortunately, most the links in the Working Group’s list are inaccessible on a Conficker-infected PC. A victim can’t even reach the Working Group’s site, because it has in its URL the string conficker, which triggers the worm’s blocking behavior.As I mentioned earlier, security firm BitDefender has set up a new domain from which users can download free Conficker disinfectant utilities. This site, BDTools.net, is not currently blocked by the worm, to the best of my knowledge. The site offers three options: (a) a free online scan; (b) a free, downloadable Single PC Removal Tool for individual users; and (c) a free Network Removal Tool, an .exe file that IT admins can use to disinfect an entire LAN.BDTools.net: Visit BitDefender’s download site.If you can’t access BDTools.net or any other security site from your PC, find a machine that isn’t infected (such as a public-access workstation at a library). Don’t use a search engine to look for removal tools, some of which are bogus. Instead, download a removal tool from the Working Group’s certified list onto a USB drive, and then use that drive to run the software on the infected PC.
• After removing Conficker, if you couldn’t previously complete Steps 1 and 2 successfully, go back now and finish those steps to update Windows and your security software.
It’s best to strengthen your defenses before April 1 rather than waiting to see what bad things might happen.
Read the entire article here