Downloads code from the internet
Installs itself in the registry
Exploits known vulnerabilites
Scans network for vulnerabilities
Scans network for weak passwords
Affected Operating Systems
Mal/Conficker-A can be removed with either Sophos Anti-Virus or the standalone Conficker removal tool.
For a more detailed guide to cleaning up a Conficker infection on a Windows network, please refer to the knowledgebase article.
Ensure Windows is fully updated to fix the MS08-067 vulnerability that the Conficker family of worms uses to spread.
Ensure that all removable storage devices are scanned after being connected to a computer infected with the Conficker family of worms.
Ensure HIPS and buffer overflow prevention are both turned on and that "alert only" mode is turned off.
Ensure the on-access scanner is turned on and that "on write" scanning is enabled.
If W32/ConfikMem-A is detected on the computer, clean up this item first and then immediately run another full scan. Cleaning up W32/ConfikMem-A removes the worm from memory and allows Sophos Anti-Virus to scan files that may have been locked by the virus while it was running.
If a full scan reports unscannable files and W32/ConfikMem-A is not found in memory, ensure the on-access scanner is enabled and the virus data is up to date, reboot the computer and immediately perform another full scan. This causes the on-access scanner to prevent the Conficker worm from loading as a service and should unlock those files so they can be scanned.
After cleaning up an active infection of the Conficker worm, a reboot may be required.