Conficker C – D-Day Is Coming
Update May: Click here for Free Conficker Removal Tool for PCs and Networks
Conficker C is due to become active on April 1, but this is no April Fools' Day joke.
Windows Vista and Win7 users appear to be free from this threat, as Win XP and earlier operating systems are the target. Users need to ensure that their security programs are updated and all necessary patches are applied.
It will be March 31 in most parts of the world when it turns April 1 across the Pacific. Most reports have indicated that the majority of machines currently infected with Conficker are in China, which will be among the first to receive their 'new' instructions.
It is believed that PCs updated with Conficker C are scheduled to begin checking 500 rendezvous points randomly selected from 50,000 web addresses for further instructions, but what the instructions will be is anybody's guess.
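An added example, not from the original article: one way a network defender could spot the rendezvous behaviour described above in DNS resolver logs, by flagging clients that look up hundreds of distinct names that mostly fail to resolve. The log format, thresholds and domain names are constructed assumptions, as is the premise that most of the candidate addresses are unregistered.

```python
from collections import defaultdict

def make_sample_log():
    """Constructed resolver log lines: '<client-ip> <queried-name> <rcode>'."""
    lines = []
    # Ordinary workstation: a handful of names, queried repeatedly, all resolve.
    for i in range(600):
        lines.append(f"10.0.0.5 site{i % 8}.example.com NOERROR")
    # Host sweeping a generated list: 500 different names, nearly all fail.
    for i in range(500):
        rcode = "NOERROR" if i % 100 == 0 else "NXDOMAIN"
        lines.append(f"10.0.0.23 rv{i:05d}.example.net {rcode}")
    # Busy but benign client: many distinct names, all of which resolve.
    for i in range(450):
        lines.append(f"10.0.0.9 cdn{i}.example.org NOERROR")
    return lines

def suspect_hosts(log_lines, min_distinct=400, min_fail_ratio=0.8):
    """Return {client: (distinct_names, fail_ratio)} for clients whose lookups
    resemble a sweep over a large list of mostly unregistered names.
    Both thresholds are assumptions to tune against your own baseline."""
    names = defaultdict(set)
    failed = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        name = name.lower().rstrip(".")  # normalise case and trailing dot
        names[client].add(name)
        if rcode == "NXDOMAIN":
            failed[client].add(name)
    result = {}
    for client, seen in names.items():
        ratio = len(failed[client]) / len(seen)
        # Volume alone is not enough: the busy benign client has many names
        # but a low failure ratio, so both conditions must hold.
        if len(seen) >= min_distinct and ratio >= min_fail_ratio:
            result[client] = (len(seen), round(ratio, 2))
    return result

if __name__ == "__main__":
    for host, (count, ratio) in suspect_hosts(make_sample_log()).items():
        print(f"{host}: {count} distinct names, {ratio:.0%} unresolved")
```

Counting distinct names rather than raw queries keeps a chatty but normal machine from tripping the check.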
Since last November, Conficker’s creators are believed to have infected around 3 million Windows PCs.
Conficker A and Conficker B, also known as Downadup or Win32.Kido, are picked up and removed by many antimalware programs and scanners, but Conficker C is a different breed altogether.
The new Conficker C version will not have all of the tools that Conficker B used to replicate, but it will be able to detect and kill certain system processes designed to find and remove it.
Infected machines also continually scan the Internet for other unpatched PCs to infect, and Conficker C is also moved from infected computers to clean computers via USB flash drives, digital cameras and shared external drives.
When inserting USB devices, hold down the 'Shift' key to stop autoplay!
Conficker C deletes all restore points prior to its infection to block System Restore. It is also known to disable the updating of security programs or the downloading of new ones, and it will terminate existing security programs. In addition, Conficker C checks for and tries to inject code into any processes executed with the command-line parameters 'svchost.exe -k NetworkService'.
Microsoft released a patch in October; if it is not installed, click here
For Conficker A and Conficker B variants there are tools to remove them from infected computers:
Microsoft MSRT - Downloaded through Windows Update; simply go to Start > Run, type in mrt, then press OK
http://www.microsoft.com/security/malwareremove/default.mspx
The following all have relevant instructions on their pages, please take time to read them for full instructions:
F-Secure - Download and details of F-secure Conficker / Downadup Removal tool
McAfee - McAfee Avert Stinger Details and Download
McAfee have also released a special build of Stinger which will be updated on a daily basis
Download McAfee AVERT Stinger Conficker here
ESET - One Off ESET Application
BitDefender - bdtools
Kaspersky - KKiller
TrendMicro - TrendMicro FixTool
Sophos - Conficker Removal Tool
Additional articles:
Conficker - The big clean up from Sophos
Questions and Answers on F-Secure Weblog
Conficker on Snopes.com
Related articles:
Conficker C: Update April 2 and April 3
Conficker C: Update April 1st
Conficker / Downadup Removal
Reader Comments
thanks very good site
Conficker C deletes all restore points prior to its infection to block System Restore, it also is known to disable the updating of security programs or downloading new ones and will terminate existing security programs, and in addition to this Conficker C checks for and tries to inject code into any processes executed with the commandline parameters 'svchost.exe -k NetworkService'
hakan - Many of us know what Conficker does and there are also free tools to remove it.
This is something that I have covered in other articles
Regards
Colin