Conficker

Posted: January 27, 2009
Threat Metric
Threat Level: 9/10
Infected PCs 59

Conficker Description

Conficker is a worm whose greatest notoriety was gained during the year of its appearance, 2008, but which has spread sufficiently to warrant warning PC users even as of 2014. Even taking its age into account, Conficker is a worm with sophisticated means of distribution that may employ brute-force attacks against password-protected against, as well as the exploitation of general software vulnerabilities. Conficker-afflicted PCs are linked to a botnet that may distribute spam or launch other threatening activities, and victims may be unable to access critical security features. Malware researchers recommend using updated and proven anti-malware tools for removing Conficker, which often is patched to stay ahead of the curve of threat-defining database updates.

Conficker: the Worm of Seven Years Long that Still is Going Strong

Although Conficker is a worm of many names, including Downup, Kido and Downadup, Conficker is a worm that has had a consistent focus on enabling illegal botnets by compromising large numbers of PCs. Variants of Conficker, such as Conficker.A or Conficker.B, may use different mechanisms to infect new PCs, and new variants of Conficker periodically are discovered, even in recent years. Conficker's basic strategies for distribution include:

  • Distributing copies of itself to local network-connected computers. Password-protected networks may be 'hacked' by Conficker attempting to use dictionary attacks that guess weak passwords.
  • Exploiting vulnerabilities on outdated Windows XP, 2000 and Server 2003 operating systems. Patched operating systems are protected from this attack, which has been deactivated in exchange for alternate infection techniques.

Some variants of Conficker worms also are installed on already-infected PCs, and are intended to be 'updates' to old variants of Conficker. The outdated worm may download this update automatically along with multiple forms of additional threats.

The use of secondary equipments such as USB thumb drives also should be monitored to prevent Conficker or related PC threats from compromising these devices. A standard infiltration technique could allow any PC sharing these devices to be infected as soon as the device is inserted.

Keeping Your PC from Being Conned by a Conficker Worm

Since Conficker's major payloads are related to botnet activities, the bulk of its attacks take place 'behind the scenes.' However, Conficker infections sometimes cause various symptoms, particularly ones that are related to blocking its deletion. As of malware researchers' last acquired samples, these symptoms may include the reset of Windows account policies, blocked Windows accounts, the automatic disabling of basic Windows features (such as Windows Update or Windows Defender), slow server response times, unusually high network activity and browser hijacks that block your access to some security websites.

Conficker is a good case study of an old threat that has seen regular updates from committed and highly-skilled criminal programmers in order to remain relevant to the landscape of modern computing. Some of the last known variants of Conficker worms even have been used to install fake anti-spyware programs and spambots. Although deleting Conficker is nothing less than extremely urgent for keeping your computer safe, malware researchers recommend leaving that task to appropriate PC security products that are able to detect all copies of Conficker and any related threat.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Conficker may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



malware.exe File name: malware.exe
Size: 110.59 KB (110592 bytes)
MD5: 09edf06953b56ee6a8cb6823cb3b2996
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
vhoinp.dll File name: vhoinp.dll
Size: 89.08 KB (89088 bytes)
MD5: e80c7cb77020f9326e15b3a0fb298045
Detection count: 29
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009

More files

Related Posts

One Comment

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.