Win32/Conficker.A Removal

Win32/Conficker.A:

Registered as a worm in November 2008, Win32/Conficker.A is  famous for downloading several malicious files. This worm, when executed makes a copy of itself in the C:/WINDOWS/System folder with a random name. It spreads itself by exploiting the server service. It also affects the Services.exe process which is a very crucial process for running the system and is launched at every startup. This way, the worm makes sure that it is launched at every boot-up. To be sure of this, it also edits the registry such that the launching at boot-up takes place successfully. The worm also consists of several URLs which are pinged after the host is connected to the Internet. Many number of malware are thus downloaded and executed by the worm. Hence it can also be called a worm with the functionality of a Backdoor-Trojan. However, the worm also disables Windows Security services such as Windows Firewall. Here is a simple process of removing Win32/Conficker.A

Win32/Conficker.A manual removal instructions:

  1. Since the worm gets started with the help of the System services, reboot your computer in the Safe Mode.
  2. Now Go to Start --> Run and type services.msc and look in your right-hand side for the service with the name "netsvcs". Right-click and select properties in the window that appears. Remember the path that it contains. This is a very crucial part. Select the Startup type and set it to disabled. Thus you're disabling the worm from running using the Services.exe process. 
  3. Now that the worm is removed from the system process, it needs to be deleted from the registry. Navigate to the following registry key

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

    I told you to remember the path right? I hope you still do. So search for the random name of the virus in the registry and delete it.
  4. Its time to delete this virus permanently from your computer. Search for the same name in your %System% directory and delete it.
  5. Now, restart your system in the normal mode and enjoy. Your system is free.
VShop
Get the best security software for your compter here!

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme