Thursday, April 2, 2009

How to Detect and Remove the Conficker or Downadup Worm from your Computer

For the last day I have been struggling with removing the Conficker worm from computers at my place of employment. The worm is very clever, which makes it harder to eliminate. Infected machines show these symptoms:

* Cannot run Windows Update
* Cannot Update Antivirus Software
* Cannot start up in Safe Mode
* Inability to view many websites

The worm keeps you from going to the sites that could help you get rid of it, and will occasionally redirect you to sites that have more malicious files.

Checking for the worm
So, do you have the worm? Let's check. Go to in Internet Explorer.
If the page loads, you're off to a good start. There are 6 images displayed right at the top of the page. If some of them load, yet others don't, you probably have a variant of the Conficker worm. If they all load successfully, you are most likely alright. It should look like the below picture if everything loaded correctly.
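The same check can be run without a browser by comparing name lookups for security-vendor sites against unrelated control sites. This is an added example, not part of the original post: the host lists and function names are assumptions, and the security-versus-control split generalizes the six-image test described above.

```python
import socket

# Assumed hostnames for illustration; the post's test page may use different ones.
SECURITY_HOSTS = ["www.symantec.com", "www.mcafee.com", "update.microsoft.com"]
CONTROL_HOSTS = ["www.wikipedia.org", "www.python.org", "www.debian.org"]


def resolves(host):
    """Return True if the local resolver returns any address for host."""
    try:
        return bool(socket.getaddrinfo(host, 80))
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def classify(security, control):
    """Interpret {host: resolved?} maps the way the post reads the six images."""
    if not any(control.values()):
        # Same as the test page not loading at all: no evidence either way.
        return "inconclusive: no name resolution at all, check connectivity first"
    blocked = sorted(h for h, ok in security.items() if not ok)
    if not blocked:
        return "no selective blocking: most likely alright"
    if all(control.values()):
        # Could also be a DNS filter or hosts-file block, so confirm with a scanner.
        return "selective blocking of " + ", ".join(blocked) + ": probably infected"
    return "inconclusive: security and control lookups both failing intermittently"


def run_check(resolver=resolves):
    """Resolve both groups with the given resolver and return the verdict string."""
    security = {h: resolver(h) for h in SECURITY_HOSTS}
    control = {h: resolver(h) for h in CONTROL_HOSTS}
    return classify(security, control)


if __name__ == "__main__":
    print(run_check())
```

A "probably infected" verdict only says that security sites are being singled out; run the removal steps or a scanner to confirm the cause.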

So if you do have issues viewing the site, or Microsoft Update, here is the EASIEST way to remove it.
If you have access to a second computer, use that computer to download the two following files. First, download this file.
This file is a memory killer which will immediately kill the Conficker worm if it is running. BEFORE RUNNING it, however, you must rename the file so it does not contain the word "conficker". You can easily toss a letter or 2 in the name to get it to work. Run the file. It will briefly flash a command prompt while it goes through and terminates all running Conficker processes.

The next step is to download and run the fixdwndup tool from Symantec located here. Once you have obtained it, run the program and it will find the infection and clean it. Immediately reboot your computer and perform a Windows Update, as well as update all anti-virus software you have, and run regular scans. During the time your computer was infected, you MAY have contracted other worms and viruses.

If you have ANY questions, comments, or concerns, feel free to post below and I will answer them! Best of luck!

  1. Great information waldo! Thanks! I knew I was safe already but to those who don't really know what they are doing, this post is Grade A+
    Keep up the good work!

  2. Much thanks for the comment. Staying safe using preventative measures like Windows Update, Antivirus Updates, and safe browsing habits is the way to go!

  3. Interesting, a feature supposed to prevent removing the worm helps detect it.

  4. Much thanks lr5, it is pretty cool that the virus writers made it so easy to detect without knowing it!

  5. Glad I found your blog. I had been meaning to look into this. Very helpful info. Thanks!

  6. Hope it helps! *actually I hope you don't have the worm, since its new variants have purportedly been installing key loggers that can steal personal data*