- Conficker, the result of a Trojan virus, is the most damaging of all worms. It spreads by hacking a "remote procedure call," or piece of code, in the Microsoft Windows Server service, which all versions of Windows-based PCs use. Characteristics of infection include browser problems such as redirection of URLs to unintended website destinations and the Internet Explorer browser crashing. The worm can sometimes crash any browser. It also causes denial of service to the Internet, most noted by a "404 error" or "Page not found" message when trying to access security software websites, such as symantec.com, and certain "help forums" run by the security sites. System-wide effects include partial or complete and catastrophic data loss and the PC not starting, necessitating the purchase of a new PC.
- Back up any important data to an outside source, such as a re-writable CD/DVD, which you will scan for the worm before re-installation onto the cleaned system. The worm infects the System Restore function, making it unusable.
Disable System Restore in Windows XP: click "Start," then right-click "My Computer," then "Properties" from the menu, then "System Properties," then the tab labeled "System Restore." Check the box labeled "Turn off System Restore on All Drives" and click "OK," then exit the System Restore function.
Disable System Restore in Windows Vista: click "Start" then "Control Panel" then "System Maintenance" then "System." When the window opens, click "System Protection" from the left windowpane then uncheck the boxes next to the drive names. Click "OK" then exit the System Restore function.
This allows the worm-removal tool access to System Restore to disinfect it. If this step is not completed and System Restore is not cleaned, the worm will reinfect the PC upon the next start-up after disinfection.
- Go to Microsoft's web page for the "Microsoft Bulletin MS08-067-critical" patch of the Windows Server service. Download the patch for your version of Windows and save it to the desktop. Install by double-clicking on the desktop icon, opening the "Install Wizard." Follow the prompts, and when the Wizard finishes installation, click "Finish." Restart your PC for the changes to take effect. Go to another PC to visit the symantec.com site to download its free Conficker (Downadup) Removal Tool, file name "D.exe," to your desktop, then double-click the icon to open the tool. Click "Start" to start the detection and removal process. When the tool finishes, restart the PC and run the tool again to make sure all traces are gone. After the second run of the tool returns a clean system, you are finished.
- Scan the backup disks with your PC antivirus protection before installing them to a clean computer. First, disable Autorun, then insert the disks into the drive and before clicking on the drive to open the files, scan the disk in the drive manually with your antivirus protection. Because the worm blocks security sites, you may need to use another computer to download the files. If so, download them to a portable flash drive then install on the infected PC as above. Before starting any large worm removal process, always consult an IT professional for advice and additional help if any problems arise.
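
The "disable Autorun" step above can be checked from a PowerShell prompt before any backup media is inserted. The script below is an added example, not part of the original article; it assumes PowerShell 3.0 or later, and the `-Enforce` switch name is made up for this illustration. It reads the `NoDriveTypeAutoRun` policy value and reports which drive types still have Autorun active.

```powershell
# Added example: report whether Autorun is disabled for the media types used for
# the backup (CD/DVD, flash drive). With -Enforce (assumed switch name, needs an
# elevated prompt) it sets NoDriveTypeAutoRun to 0xFF, disabling Autorun everywhere.
param([switch]$Enforce)

# NoDriveTypeAutoRun is a bitmask: a set bit disables Autorun for that drive type.
$Bits = [ordered]@{
    'Unknown' = 0x01; 'No root dir' = 0x02; 'Removable' = 0x04; 'Fixed' = 0x08
    'Network' = 0x10; 'CD-ROM' = 0x20; 'RAM disk' = 0x40; 'Reserved' = 0x80
}
$Sub   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Paths = @("HKLM:\$Sub", "HKCU:\$Sub")   # a value under HKLM overrides HKCU

function Get-AutorunMask([string]$Path) {
    $p = Get-ItemProperty -Path $Path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }            # value absent at this path
    $v = $p.NoDriveTypeAutoRun
    if ($v -is [byte[]]) { return [int]$v[0] }    # REG_BINARY form: low byte holds the mask
    return ([int]$v -band 0xFF)
}

if ($Enforce) {
    if (-not (Test-Path $Paths[0])) { New-Item -Path $Paths[0] -Force | Out-Null }
    Set-ItemProperty -Path $Paths[0] -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# Effective mask: the first path that defines the value wins.
$mask = $null
foreach ($path in $Paths) {
    $mask = Get-AutorunMask $path
    if ($null -ne $mask) { Write-Output "Policy read from $path = 0x$('{0:X2}' -f $mask)"; break }
}

if ($null -eq $mask) {
    Write-Output 'NoDriveTypeAutoRun is not set; set it explicitly before inserting the media.'
} else {
    foreach ($name in $Bits.Keys) {
        $state = if ($mask -band $Bits[$name]) { 'disabled' } else { 'ENABLED' }
        Write-Output ('{0,-12} Autorun {1}' -f $name, $state)
    }
    # The backup media in this procedure are optical discs and flash drives.
    $needed = $Bits['Removable'] -bor $Bits['CD-ROM']
    if (($mask -band $needed) -eq $needed) {
        Write-Output 'Autorun is off for removable and optical media.'
    } else {
        Write-Output 'Autorun is still active for removable or optical media; disable it first.'
    }
}
```

Log off and back on (or restart) after changing the value so that Explorer picks up the new policy.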