How to remove the virus CONFICKER / DOWNADUP / KIDO?

Last update on March 26, 2009 08:22 AM by jak58
Published by jak58

What is the Conficker?


Conficker (also known under the names Downup, Downandup and Kido) is a worm that first appeared in October 2008. It is reported to have infected millions of computers so far, especially in companies and institutions such as the French Navy, hospitals and the British Royal Navy! This threat is taken seriously: Microsoft has even promised a reward of 250,000 dollars to anyone who provides information that helps stop the author of this worm.

Once installed on a computer, Conficker disables Windows updates and some security software. It then connects to a server, allowing an attacker to take complete control of the machine in order to retrieve personal information, install other malicious software or carry out illegal acts (sending e-mail spam, attacking a website to take it down, etc.).


How to avoid being infected by Conficker?


This infection uses a Windows vulnerability to propagate. A patch correcting this vulnerability was published on October 15 by Microsoft, but, as is often the case, many users have not installed it. If you have disabled automatic updates and have not yet installed this patch, you can download it here:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Conficker can also spread through removable drives (USB keys, external hard drives, etc.) and within a network that is open or protected only by weak passwords. Use FlashDisinfector to vaccinate your removable disks, and secure your networks with strong passwords.


Disinfect a computer affected by Conficker


Preliminary


Take precautions to prevent the virus from spreading and to prevent the computer from being reinfected after disinfection.

• Temporarily disconnect your computer from the network.

• Stop the Server service temporarily:
Start Menu → Run (or the search bar in Windows Vista) → type services.msc and click OK.
Right-click on "Server" → Properties. Click "Stop", set Startup type to "Disabled" and click OK.

• Disinfect and vaccinate all removable drives (USB keys, external hard drives, MP3 players, etc.) with FlashDisinfector.

• Download the Microsoft patch to fix the vulnerability exploited by Conficker:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

It is likely that you cannot download it from the infected computer: in that case, download it from another computer and copy the patch onto a vaccinated removable disk (see above).
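The preliminary steps above (stopping and disabling the Server service, then checking whether the MS08-067 patch is present) can be scripted on the affected machine. This is an added example, not part of the original article or any of the tools it names; it assumes an elevated PowerShell session, that LanmanServer is the internal name of the service displayed as "Server" in services.msc, and that KB958644 is the update number shipped with bulletin MS08-067.

```powershell
# Added example: automates the "Preliminary" steps of this guide.
# Assumptions (not stated on the page): run as Administrator;
# 'LanmanServer' is the service shown as "Server" in services.msc;
# KB958644 is the update published with bulletin MS08-067.
param(
    [switch]$Restore   # re-enable the Server service after disinfection
)

$ServiceName = 'LanmanServer'
$PatchKb     = 'KB958644'
$BulletinUrl = 'http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx'

function Stop-ServerService {
    # Mirrors: services.msc -> Server -> Stop, Startup type = Disabled
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force
    }
    Set-Service -Name $ServiceName -StartupType Disabled
    Write-Host "Server service stopped and set to Disabled."
}

function Restore-ServerService {
    # Undo the temporary change once the machine is clean and patched
    Set-Service -Name $ServiceName -StartupType Automatic
    Start-Service -Name $ServiceName
    Write-Host "Server service set back to Automatic and started."
}

function Test-Ms08067Installed {
    # Get-HotFix lists installed updates; $true when the MS08-067 update is present
    $hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

if ($Restore) {
    Restore-ServerService
} else {
    Stop-ServerService
    if (Test-Ms08067Installed) {
        Write-Host "$PatchKb (MS08-067) is installed."
    } else {
        Write-Warning "$PatchKb (MS08-067) is NOT installed."
        Write-Warning "Download it from another computer: $BulletinUrl"
    }
}
```

Run it once without arguments before disinfecting, and again with -Restore only after the scan is clean and the patch check reports the update as installed.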

Remove infection


Once these precautions are in place, you can start the disinfection itself.

• First, try to scan the computer with your antivirus, or with MalwareBytes Anti-Malware for example. You can post the report on the Viruses / Security forum so that someone can help you read it.

• Microsoft also provides a Malicious Software Removal Tool (MSRT), which can help with disinfection (explanations for deploying it on a corporate network are available on the Microsoft site).

• F-Secure (which works with Microsoft on Conficker) offers a removal tool targeting this infection:
http://www.f-secure.com/v-descs/worm_w32_downadup_gen.shtml

• However, Conficker is quite difficult to remove, because it creates files that are associated with legitimate Windows processes such as svchost. It is therefore possible that the previous recommendations are not enough: in that case, feel free to post a message on the Viruses / Security forum.