Conficker (the latest variant is Conficker.C) is one of the few pieces of malware nowadays that brings something new to a market that mostly relies on new names and new skins. What distinguishes it from the crowd is a unique registry modification scheme that makes its removal difficult for common spyware removers.

The trick used by Conficker.C is setting up registry permissions instead of only inserting registry keys. You cannot modify registry permissions starting from the lowest leaf of the affected tree: you need to traverse the whole tree and start modifying it from the top node. Thus removal instructions that only tell you to remove a single node, like

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Random String] = “rundll32.exe [Worm Executable], [Random String]”

are not fully correct. You need to check and fix the whole tree!
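One way to check the whole tree before attempting removal, as an added example that is not part of the original post: a read-only PowerShell function that walks from the top node down to a leaf key and reports every level whose permissions look tampered with. The function name `Get-RegistryPathAclReport` and the two heuristics (disabled inheritance, explicit Deny entries) are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of registry ACLs from the top node down to a leaf.
# It only reports findings; it does not change any key or permission.
function Get-RegistryPathAclReport {
    param(
        # Default is the Run key named in the post; pass any other registry path.
        [string]$LeafPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )

    # Split 'HKCU:\A\B' into the drive ('HKCU') and the key segments ('A', 'B').
    $drive, $rest = $LeafPath -split ':\\', 2
    $current = "${drive}:"

    foreach ($segment in ($rest -split '\\' | Where-Object { $_ })) {
        $current = "$current\$segment"   # walk top-down, one level at a time

        try {
            $acl = Get-Acl -Path $current -ErrorAction Stop
        } catch {
            # A key that is missing or whose ACL cannot be read is itself a finding.
            [pscustomobject]@{ Key = $current; Finding = 'Missing or ACL unreadable'
                               Detail = $_.Exception.Message }
            continue
        }

        # Heuristic 1 (assumption): inheritance from the parent key was switched off.
        if ($acl.AreAccessRulesProtected) {
            [pscustomobject]@{ Key = $current; Finding = 'Inheritance disabled'
                               Detail = "Owner: $($acl.Owner)" }
        }

        # Heuristic 2 (assumption): Deny entries set directly on this key.
        foreach ($rule in $acl.Access) {
            if ($rule.AccessControlType -eq 'Deny' -and -not $rule.IsInherited) {
                [pscustomobject]@{ Key = $current; Finding = 'Explicit Deny entry'
                                   Detail = "$($rule.IdentityReference): $($rule.RegistryRights)" }
            }
        }
    }
}

# Report every level of the path, top node first.
Get-RegistryPathAclReport | Format-Table -AutoSize -Wrap
```

The flagged key closest to the top of the output is where permission repair has to start. Some keys legitimately disable inheritance, so compare findings against a known-clean machine.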

There are a couple of dedicated tools that help you remove Conficker and similar parasites. One of them is a Conficker remover produced by Enigma Software Group. However, I would suggest using a complete spyware remover like Spyware Doctor or Malwarebytes Anti-Malware.

Categories: Security

Giedrius Majauskas

I am an internet company owner and project manager living in Lithuania. I am interested in computer security, health and technology topics.

