Romanians find cure for Conficker

Removal tool may spell the end for the notorious Windows worm

BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.

The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in the Windows Server service, and it disables the operating system update service, the security center (including Windows Defender) and error reporting.

Security experts claim the worm is the worst infection to date, second to the SQL Slammer worm that devastated the Internet in 2003.

The Romanian security vendor said its removal tool, available here, will delete all versions of Downadup and will not be detected by the virus.

Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.

“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.

“The worms then produce a fixed number of domain names on a daily basis and check them for updates.

“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files.”
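The date-seeded scheme Valceanu describes cuts both ways: anyone who knows the algorithm can compute a day's candidate domains in advance and match them against DNS logs. The sketch below is an added illustration, not BitDefender's code and not Conficker's actual algorithm; the hash-based generator, TLD list, 250-per-day count and log format are assumptions constructed for the example.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")  # assumed for the illustration
DOMAINS_PER_DAY = 250  # assumed; the article only says "a fixed number"

def candidate_domains(day, count=DOMAINS_PER_DAY):
    """Stand-in date-seeded generator (hypothetical, not the worm's real one)."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4  # labels of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        out.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return out

def watchlist(day, skew_days=1):
    """Candidates for day +/- skew_days, since infected hosts may have wrong clocks."""
    names = set()
    for offset in range(-skew_days, skew_days + 1):
        names.update(candidate_domains(day + timedelta(days=offset)))
    return names

def flag_queries(log_lines, day):
    """Map client IP -> sorted matched domains, from 'timestamp client qname' lines."""
    watch = watchlist(day)
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing at fields
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in watch:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample DNS query log (not real traffic).
DAY = date(2009, 3, 13)
TODAY = candidate_domains(DAY)
YESTERDAY = candidate_domains(DAY - timedelta(days=1))
SAMPLE_LOG = [
    "2009-03-13T09:00:01 10.0.0.5 www.example.com.",
    f"2009-03-13T09:00:02 10.0.0.7 {TODAY[0].upper()}.",
    f"2009-03-13T09:00:03 10.0.0.7 {TODAY[1]}",
    f"2009-03-13T09:00:04 10.0.0.9 {YESTERDAY[3]}",
    "malformed line",
]

if __name__ == "__main__":
    for client, names in flag_queries(SAMPLE_LOG, DAY).items():
        print(client, names)
```

A client that resolves several of the day's candidates in a short window is a strong infection signal, and the same precomputed list can feed a DNS blocklist or sinkhole.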


Comments

1

Anonymous

Fri 13/03/2009 - 20:29

BitDefender Tool Unsuccessful

I just ran the BD tool on a Conficker-infected XP SP2. It said that it found the infection; it then killed some processes and then prompted for a reboot. Before rebooting, however, I ran http://www.enigmasoftware.com/a1/download/cfremover.exe - it detected the infection as well. After rebooting, I ran both tools again. BD tool found no infection. But the infection was still present - its presence was confirmed by Enigma's removal tool. The Enigma tool is able to successfully remove the infection.

2

Anonymous

Fri 13/03/2009 - 21:56

The _first_ cure for Conficker? Surely some mistake?

A range of cleanup tools for various versions of this virus have been available from a range of different security companies and helpful websites for quite some time...

3

Anonymous

Sat 14/03/2009 - 01:01

Don't download Enigma

Enigma is spyware. The contact info is a Mail Boxes Etc. in Connecticut -- not a real company.

4

Anonymous

Sat 14/03/2009 - 22:42

:o) Romanians

Proud to be a Romanian...

5

Bogdan

Sun 15/03/2009 - 18:45

Conficker B

Use Kidokiller from Kaspersky.
The only tool that did the job 4 me.

6

Anonymous

Mon 16/03/2009 - 14:26

First tool?

Just checked out their website...I think the key is in the details...it says:

"BitDefender is the first to offer a free tool which disinfects all versions of Downadup"

So I believe they meant first to remove ALL versions? But probably not THE first...if that makes sense.

7

eliana_ary

Mon 16/03/2009 - 23:04

As you might know, the worm blocks your access to a big number of sites which could provide you removal tools.

So...bdtools.net is THE ONLY site that can be accessed if you are infected. You run the tool there and your problem is solved. BitDefender never said they are the first to discover the worm, but the first to offer an accessible tool to help you solve the problem.

Now bdtools.net redirects to downadup.org, still a BitDefender site, where you can find the removal tool for networks also.

8

Zephyr

Mon 16/03/2009 - 23:20

thanks for the tool

Thanks for the article and the tool provided. I was just having some hard time with removing this from a laptop.

Good thing I read about it and disconnected it from my network before something else would have gone wrong.

I just went ahead with the tool from BitDefender and now my computer is squeaky clean. :) I think I'll also move away from that crappy Symantec that permitted this intrusion.

9

Anonymous

Mon 16/03/2009 - 23:41

Enigma is not Spyware. They are a completely legitimate company. And the tool works and it is free. So I don't know what you are talking about!

10

Anonymous

Mon 23/03/2009 - 00:08

I hear ya brother. Me too in this case, although not always.

11

Anonymous

Tue 31/03/2009 - 09:54

BitDefender tool is great!

I’ve seen a bunch of anti-viruses and ‘specialized’ tools, therefore dedicate as such, for removing the said viruses. But I’ve seen some of them reporting for a virus that is not, initially, on your PC before system scan - but guess what, now it ‘found’ the virus you were afraid of. Now, you feel good about it - even if it’s bogus?
BitDefender provides the tool, for this particular bug, for FREE. And if they cannot find the bug, probably your machine doesn’t have it.
Go purchase an Enigma license if that makes you feel good.

Good luck

12

Anonymous

Wed 22/04/2009 - 09:40

Does this really work?
