Alias
-
WORM_DOWNAD.AD
-
W32/Conficker.worm
-
Worm:Win32/Conficker.gen!A
-
Worm:W32/Downadup
-
Net-Worm.Win32.Kido
Características
-
Se instala en el registro
-
Aprovecha vulnerabilidades conocidas
-
Busca vulnerabilidades en la red
-
Busca contraseñas poco seguras en la red
Sistemas operativos afectados
Mal/Conficker-A can be removed with either Sophos Anti-Virus or the standalone Conficker removal tool.
For a more detailed guide to cleaning up a Conficker infection on a Windows network, please refer to the knowledgebase article.
Ensure Windows is fully updated to fix the MS08-067 vulnerability that the Conficker family of worms uses to spread.
Ensure that all removable storage devices are scanned after being connected to a computer infected with the Conficker family of worms.
Ensure HIPS and buffer overflow prevention are both turned on and that "alert only" mode is turned off.
Ensure the on-access scanner is turned on and that "on write" scanning is enabled.
If W32/ConfikMem-A is detected on the computer, clean up this item first and then immediately run another full scan. Cleaning up W32/ConfikMem-A removes the worm from memory and allows Sophos Anti-Virus to scan files that may have been locked by the virus while it was running.
If a full scan reports unscannable files and W32/ConfikMem-A is not found in memory, ensure the on-access scanner is enabled and the virus data is up to date, reboot the computer and immediately perform another full scan. This causes the on-access scanner to prevent the Conficker worm from loading as a service and should unlock those files so they can be scanned.
After cleaning up an active infection of the Conficker worm, a reboot may be required.