This is how you remove Worm/Conficker from your system:
Preparation:
- Download Avira AntiVir Rescue System from our website and burn the Rescue-CD.
- Run this file and create the Avira AntiVir Rescue CD.
- Load and install Microsoft Security Bulletin MS08-067:
http://207.46.232.182/technet/security/bulletin/ms08-067.mspx
We recommend that you always install security-related Microsoft patches to keep your system safe. To do this, you can use Windows' automatic update function or, in special cases (such as servers with certain applications), install the patches manually, but do so promptly!
- Follow the steps under Mitigation steps on the Microsoft Support site:
http://support.microsoft.com/kb/962007/en
- Edit the file %WINDIR%\System32\Drivers\etc\HOSTS by adding the following entries at the end of the file:
80.190.143.230 dl10.freeav.net
80.190.143.239 dl9.freeav.net
62.146.66.179 dl8.freeav.net
62.146.66.178 dl7.avgate.net
80.190.143.236 dl6.avgate.net
80.190.143.235 dl5.avgate.net
62.146.66.184 dl4.avgate.net
62.146.66.183 dl3.avgate.net
62.146.66.182 dl2.avgate.net
62.146.66.181 dl1.avgate.net
62.146.87.172 dl2.antivir-pe.de
62.146.87.171 dl1.antivir-pe.de
62.146.210.32 dl4.pro.antivir.de
80.190.154.63 dl3.pro.antivir.de
62.146.210.32 dl2.pro.antivir.de
62.146.210.31 dl1.pro.antivir.de
80.190.154.66 dlpro.antivir.com
- Restart Windows and update AntiVir.
- Deactivate Windows System Recovery.
- Restart the computer and boot from the AntiVir Rescue CD.
- Activate the options Try to repair infected files and Rename files, if they cannot be removed. Then scan your computer with AntiVir Rescue System.
- Unplug the network cable and start the computer in Safe Mode with Networking.
- Save the following file on your computer and unpack the archive. Then double-click on Conficker_registry_fix.reg to clean out the changes made by the malware in the Windows Registry.
Conficker_registry_fix.zip
- Open the configuration of your network card from Start - Settings - Control Panel - Network Connections. Right-click the connection and select Properties. Deactivate File and Printer Sharing for Microsoft Networks and press OK.
Note:
- If you use Windows XP, open the properties of your network card by clicking the Advanced tab,
- Press Settings for Windows Firewall,
- Click the Exceptions tab and deactivate the exception port, which has an unusual and illogical name. This page is incidentally listed among blocked sites.
- Scan all local drives with AntiVir and delete all infected files.
- Restart the computer and reconnect it to the network.
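The HOSTS step above can be applied without creating duplicate lines if the procedure is repeated. The following PowerShell function is an added example, not part of the original instructions or an Avira tool; the function name Add-HostsEntry and its parameters are assumptions made for illustration. It backs up the file, appends only missing entries, and warns when a hostname already points to a different address. Run it from an elevated prompt.

```powershell
# Added example (hypothetical helper, not from the original page).
function Add-HostsEntry {
    param(
        [Parameter(Mandatory=$true)][string[]]$Entries,   # lines of the form "IP hostname"
        [string]$HostsPath = (Join-Path $env:WINDIR 'System32\drivers\etc\hosts')
    )

    # Map every hostname already present in the file to its current address,
    # ignoring comments and blank lines.
    $current = @{}
    foreach ($line in @(Get-Content -LiteralPath $HostsPath)) {
        $fields = @((($line -split '#', 2)[0]).Trim() -split '\s+' | Where-Object { $_ })
        foreach ($name in @($fields | Select-Object -Skip 1)) {
            $current[$name.ToLower()] = $fields[0]
        }
    }

    $toAdd = @()
    foreach ($entry in $Entries) {
        $ip, $name = $entry.Trim() -split '\s+', 2
        $known = $current[$name.ToLower()]
        if (-not $known) {
            $toAdd += "$ip`t$name"
            $current[$name.ToLower()] = $ip
        } elseif ($known -ne $ip) {
            # Do not overwrite silently: an unexpected mapping deserves a manual look.
            Write-Warning "$name already maps to $known (expected $ip); review this line by hand."
        }
    }
    if ($toAdd.Count -eq 0) { return 0 }

    # Keep a timestamped copy of the original before changing it.
    Copy-Item -LiteralPath $HostsPath -Destination ("$HostsPath.{0:yyyyMMddHHmmss}.bak" -f (Get-Date))
    # The leading empty string guards against a file that lacks a final newline.
    Add-Content -LiteralPath $HostsPath -Value (@('') + $toAdd) -Encoding Ascii
    return $toAdd.Count
}

# Two of the entries from the list above; pass the full list the same way.
Add-HostsEntry -Entries @(
    '80.190.143.230 dl10.freeav.net',
    '62.146.66.181 dl1.avgate.net'
)
```

The function returns the number of lines it appended, so a second run with the same entries returns 0 and leaves the file untouched.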
We hope these instructions were helpful.