Romanians find cure for Conficker

Removal tool may spell the end for the notorious Windows worm

BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.

The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in that service, and once on a machine it disables the operating system update service, the security center (including Windows Defender) and error reporting.

Security experts claim the worm is the worst infection to date, second to the SQL Slammer worm that devastated the Internet in 2003.

The Romanian security vendor said its removal tool, available here, will delete all versions of Downadup and will not be detected by the virus.

Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.

“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.

“The worms then produce a fixed number of domain names on a daily basis and check them for updates.

“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files.”
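The date-seeded domain generation Valceanu describes also works for defenders: once the algorithm is known, each day's names can be computed ahead of time and matched against DNS logs. The sketch below is an added example, not code from the article or BitDefender; `daily_domains` is a constructed stand-in generator (not Downadup's real algorithm), and the log format, addresses and date are made up.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")  # constructed for this example

def daily_domains(day, count=50):
    """Stand-in date-seeded generator (NOT Downadup's real algorithm)."""
    names = []
    for i in range(count):
        h = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 5 + h[0] % 7                      # label of 5-11 letters
        label = "".join(chr(97 + b % 26) for b in h[1:1 + length])
        names.append(f"{label}.{TLDS[h[-1] % len(TLDS)]}")
    return names

def watchlist(day, skew_days=1, count=50):
    """Names for day +/- skew_days, since infected hosts may have wrong clocks."""
    names = set()
    for off in range(-skew_days, skew_days + 1):
        names.update(daily_domains(day + timedelta(days=off), count))
    return names

def flag_hosts(log_lines, names, min_hits=2):
    """Map client IP -> generated names it queried ('ts client qname rcode' lines)."""
    seen = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue                               # skip malformed lines
        _, client, qname, _ = parts
        qname = qname.rstrip(".").lower()          # DNS names are case-insensitive
        if qname in names:
            seen[client].add(qname)
    # One stray match can be coincidence; several distinct ones rarely are.
    return {c: sorted(q) for c, q in seen.items() if len(q) >= min_hits}

def sample_log(day):
    """Constructed DNS log: one host polling generated names, one browsing normally."""
    gen = daily_domains(day)
    return [f"{day}T09:00:01 10.0.0.23 {gen[0]} NXDOMAIN",
            f"{day}T09:00:02 10.0.0.23 {gen[1]} NXDOMAIN",
            f"{day}T09:00:05 10.0.0.40 example.com NOERROR",
            f"{day}T09:00:09 10.0.0.23 {gen[2].upper()}. NXDOMAIN"]

if __name__ == "__main__":
    today = date(2009, 1, 15)                      # constructed date
    for host, hits in flag_hosts(sample_log(today), watchlist(today)).items():
        print(host, hits)
```

The same precomputed list can feed a DNS blocklist or sinkhole, so a host that does resolve one of the names never reaches whatever is hosted there.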


Comments

Anonymous

1

BitDefender Tool Unsuccessful

I just ran the BD tool on a Conficker-infected XP SP2. It said that it found the infection; it then killed some processes and then prompted for a reboot. Before rebooting, however, I ran http://www.enigmasoftware.com/a1/download/cfremover.exe - it detected the infection as well. After rebooting, I ran both tools again. BD tool found no infection. But the infection was still present - its presence was confirmed by Enigma's removal tool. The Enigma tool is able to successfully remove the infection.

Anonymous

2

The _first_ cure for Conficker? Surely some mistake?

A range of cleanup tools for various versions of this virus have been available from a range of different security companies and helpful websites for quite some time...

Anonymous

3

Don't download Enigma

Enigma is spyware. The contact info is a Mail Boxes Etc. in Connecticut -- not a real company.

Anonymous

4

:o) Romanians

Proud to be a Romanian...

Bogdan

5

Conficker B

Use Kidokiller from Kaspersky.
The only tool that did the job 4 me.

Anonymous

6

First tool?

Just checked out their website...I think the key is in the details...it says:

"BitDefender is the first to offer a free tool which disinfects all versions of Downadup"

So I believe they meant first to remove ALL versions? But probably not THE first...if that makes sense.

eliana_ary

7

As you might know, the worm blocks your access to a big number of sites which could provide you removal tools.

So... bdtools.net is THE ONLY site that can be accessed if you are infected. You run the tool there and your problem is solved. BitDefender never said they are the first to discover the worm, but the first to offer an accessible tool to help you solve the problem.

Now bdtools.net redirects to downadup.org, still a BitDefender site, where you can find the removal tool for networks also.

Zephyr

8

thanks for the tool

Thanks for the article and the tool provided. I was just having some hard time with removing this from a laptop.

Good thing I read about it and disconnected it from my network before something else would have gone wrong.

I just went ahead with the tool from BitDefender and now my computer is squeaky clean. :) I think I'll also move away from that crappy Symantec that permitted this intrusion.

Anonymous

9

Enigma is not Spyware. They are a completely legitimate company. And the tool works and it is free. So I don't know what you are talking about!

Anonymous

10

I hear ya brother. Me too in this case, although not always.

Anonymous

11

BitDefender tool is great!

I’ve seen a bunch of anti-viruses and ‘specialized’ tools, therefore dedicate as such, for removing the said viruses. But I’ve seen some of them reporting for a virus that is not, initially, on your PC before system scan - but guess what, now it ‘found’ the virus you were afraid of. Now, you feel good about it - even if it’s bogus?
BitDefender provides the tool, for this particular bug, for FREE. And if they cannot find the bug, probably your machine doesn’t have it.
Go purchase an Enigma license if that makes you feel good.

Good luck

Anonymous

12

Does this really work?

Comments are now closed.