Download Conficker Worm Removal Tools

by on April 6th, 2009

Conficker, also known as Downup, Downadup and Kido, ( some people write it confickr ) is a computer worm targeting the Microsoft Windows operating system. It propagated through the Internet by exploiting a vulnerability in the network stack of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.

Conficker is the most widespread computer worm infection since SQL Slammer. The initial rapid spread of the worm has been attributed to the number of Windows PCs (estimated at 30%) which have yet to apply the Microsoft patch for the MS08-067 vulnerability. By January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million. Antivirus software vendor Panda Security reported that of the 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with Conficker.

Confickr worm Blocks DNS lookups, does an in-memory patch of DNSAPI.DLL to block lookups of anti-malware related web sites, disables AutoUpdate, Kills anti-malware, scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals and more. Find symptoms of conficker and download confickr scanners (4) as well as removal tools (11 tools).

  • Account lockout policies being reset automatically.
  • Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
  • Domain controllers responding slowly to client requests.
  • Congestion on local area networks.
  • Web sites related to antivirus software or the Windows Update service becoming inaccessible.
  • Launches a brute force attack against administrator passwords to help it spread through ADMIN$ shares, making choice of sensible passwords advisable.
  • Port 445/TCP scanning (A/B)
  • Multicast UPnP requests
  • High-port TCP and UDP P2P Activity
  • Abnormal DNS lookup activty

As of 13 February 2009, Microsoft offered a $250,000 USD reward for information leading to the arrest and conviction of the individuals behind the creation and/or distribution of Conficker worm.

Conficker Removal

Microsoft released an emergency out-of-band patch for vulnerability MS08-067, which the worm exploits to spread. The patch applies only to Windows XP SP 2, Windows XP SP 3, Windows 2000 SP4 and Windows Vista; Windows XP SP 1 and earlier are no longer supported.

Third-party anti-virus software vendors BitDefender, Enigma Software, ESET, F-Secure, Symantec, Sophos, and Kaspersky Lab have released detection updates to their products and are able to remove the worm. McAfee and AVG are able to remove it with an on-demand scan.

Conficker Removal Steps

Go to the windows update site and make sure you have all the critical and security updates installed and your Windows is up to date. At least you should have the following updates installed.

Microsoft Remote Code Execution Vulnerability Security Update

Click on the name of your operating system there, download the security update and install it.

Manual removal instructions about the Conficker worm by Microsoft

Instructions by BitDefender

Make sure you have an updated and active real time antivirus.

Use Remote Scanners to find whether you are infected or not:

Download Conficker Remote Scanners

Nmap Conficker Remote Scanner
Nessus Conficker Remote Scanner
McAfee Conficker Remote Scanner
eEye Conficker Remote Scanner

If you get infected by chance, remove the conficker worm using one of the following tools:

Download Conficker Removal Tools

ESET Conficker Removal Tool

Symantec Conficker Removal Tool

Microsoft Conficker Removal Tool

ESET Conficker Removal Tool

Kaspersky Conficker Removal Tool

F-Secure Conficker Removal Tool

McAfee Conficker Removal Tool

Sophos Conficker Removal Tool

Symantec Conficker Removal Tool – Notes

TrendMicro Conficker Removal Tool

Sunbelt Conficker Removal Tool – SSClean

Download all these 11 Conficker removal tools (Size: 27.30 MB)

UPDATE: There is another conficker removal tool by spyhunter called CFREMOVER.

Download cfRemover

Anti Virus Protection for any PC has been a growing need. Some people recommend cheap antivirus software solution and some suggest free virus protection software or virus removal software. Internet security software are different from antivirus and with standard scanning software you also need anti spam software sometimes. Explore TechMynd Recommendations for your PC security needs.

2 Reviews

  1. Anant says:


    This is one of the only sites I could easily find via Google which have hosted all the tools on their server. Most other sites redirect us to a microsoft/symantec website – which OBVIOUSLY we cannot access.
    Thanks for the up!


  2. james says:


    Good article. Sophos’ Conficker removal tool seems to be the best although i’ve used several to make sure i’m not infected.

    As long as people run these tools it should stop any serious outbreak.