Home Malware Programs Worms Conficker.C

Conficker.C

Posted: March 26, 2009

Threat Metric

Ranking: 4,538
Threat Level: 5/10
Infected PCs: 1,298
First Seen: November 30, 2010
Last Seen: January 21, 2022
OS(es) Affected: Windows

Conficker.C, also known as Worm:Win32/Conficker.D (MS OneCare), W32/Confick-G (Sophos), and Trojan.Win32.Pakes.ngs(Kaspersky), is a new variant of the Conficker worm that has terrorized PC users since late 2008. Conficker.C is programmed to hit the Web on April 1st. When installed, Conficker.C will begin to perform a number of malicious functions.

The worm will attempt to disable Windows Automatic Update, prevent access to the Windows Security Center, detect and destroy SysInternals' Process Explorer program and wreak havoc with the performance of other search-and-destroy applications such as WirerShark and SysClean. This new Conficker.C variant does not have the exact properties and functions of its predecessor (Conficker.B), however, it will be able to detect and destroy certain particular system processes that have been created to detect and remove it.

Conficker.C will also modify and eliminate system restore points, prevent the use of numerous services such as WinDefend, BITS (Background Intelligent Transfer Service) ERSvc (Error Reporting Service) and WerSvc (Windows Error Reporting Service, Vista-only. Conficker.C will block connection to many antivirus software and websites. Conficker.C will also choose from a list of 500 domains to contact out of a pool of 50,000 (significantly higher than Conficker.B's 32 out of 250). At this point it will be very difficult to remove Conficker.C.

Aliases

W32/Conficker.FZ!worm.im [Fortinet]Trojan.Win32.Genome [Ikarus]Worm/Win32.Conficker [AhnLab-V3]W32/Confick-F [Sophos]Heuristic.BehavesLike.Win32.Suspicious-PKR.G [McAfee-GW-Edition]Worm/Conficker.Z.17 [AntiVir]Trojan.Click1.38217 [DrWeb]Worm:W32/Downadup.BR [F-Secure]Trojan.Win32.Genome.moke [Kaspersky]W32/Kido.IH!worm [Fortinet]Win32/Kido.worm.166503.B [AhnLab-V3]Worm/Conficker.Z.58 [AntiVir]Trojan.Click2.12841 [DrWeb]Trojan.Win32.Genome.hkck [Kaspersky]Artemis!A312C8B1ADB4 [McAfee]
More aliases (335)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Conficker.C may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%WINDIR%\System32\poutm.nwb\poutm.nwb File name: poutm.nwb
Size: 164.52 KB (164529 bytes)
MD5: 04199a5b981fd5a3d846d3f9d4c1d574
Detection count: 419
Mime Type: unknown/nwb
Path: %WINDIR%\System32\poutm.nwb\
Group: Malware file
Last Updated: January 21, 2022
%WINDIR%\system32\pjjcxft.dll File name: pjjcxft.dll
Size: 103.9 KB (103904 bytes)
MD5: ae7709bd2b77d2f40aa8f37c1126d8b1
Detection count: 28
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: January 16, 2012
%userprofile%\Application Data\sgrxa.dll File name: sgrxa.dll
Size: 165.84 KB (165840 bytes)
MD5: 9c09418c738e265a27e6c599f43d86ab
Detection count: 26
File type: Dynamic link library
Mime Type: unknown/dll
Path: %userprofile%\Application Data\
Group: Malware file
Last Updated: May 16, 2020
C:\Qoobox\Quarantine\C\Muestras\JWGKVSQ.VMX.Muestra EliStartPage v20.48.vir\JWGKVSQ.VMX.Muestra EliStartPage v20.48.vir File name: JWGKVSQ.VMX.Muestra EliStartPage v20.48.vir
Size: 161.61 KB (161612 bytes)
MD5: 393e2e61ff08a8f7439e3d2cfcb8056f
Detection count: 26
Mime Type: unknown/vir
Path: C:\Qoobox\Quarantine\C\Muestras\JWGKVSQ.VMX.Muestra EliStartPage v20.48.vir\
Group: Malware file
Last Updated: September 27, 2021
%WINDIR%\system32\dzzprkg.dll File name: dzzprkg.dll
Size: 154.65 KB (154652 bytes)
MD5: 67241ac88d798ccd90a6f49f481ac26c
Detection count: 21
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: June 10, 2020
G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx\jwgkvsq.vmx File name: jwgkvsq.vmx
Size: 171.36 KB (171362 bytes)
MD5: d987a9af709bfd188071aa3f5e027aac
Detection count: 14
Mime Type: unknown/vmx
Path: G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx\
Group: Malware file
Last Updated: November 25, 2020
%PROGRAMFILES%\Internet Explorer\crnnxau.dll File name: crnnxau.dll
Size: 166.44 KB (166440 bytes)
MD5: 76cfe416f735588146aaa3b4f8d0907a
Detection count: 12
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\Internet Explorer\
Group: Malware file
Last Updated: December 1, 2010
%WINDIR%\system32\dohtu.dll File name: dohtu.dll
Size: 161.75 KB (161750 bytes)
MD5: d2eabe15257a453416efa18992d1edbd
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: May 1, 2020
%WINDIR%\system32\lmmtvk.dll File name: lmmtvk.dll
Size: 170.99 KB (170994 bytes)
MD5: 84ef65fbf6e58fc735e867031bbb8d02
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: September 8, 2019
%WINDIR%\system32\lccyr.dll File name: lccyr.dll
Size: 160.57 KB (160578 bytes)
MD5: 95ad430abca3da496600f764c120683c
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: February 5, 2020
%WINDIR%\system32\khgixdc.dll File name: khgixdc.dll
Size: 174.48 KB (174488 bytes)
MD5: b081022fc581decf4c8640dbc74a9198
Detection count: 7
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: November 15, 2019
C:\WINDOWS\System32\hzcakuc.dll.78034401.mwt\hzcakuc.dll.78034401.mwt File name: hzcakuc.dll.78034401.mwt
Size: 224.21 KB (224214 bytes)
MD5: 9645f61e0913a58a29ecfcce940136fe
Detection count: 5
Mime Type: unknown/mwt
Path: C:\WINDOWS\System32\hzcakuc.dll.78034401.mwt\
Group: Malware file
Last Updated: August 1, 2021
%WINDIR%\system32\jyuzfa.dll File name: jyuzfa.dll
Size: 165.4 KB (165405 bytes)
MD5: fb7ba7e14bafdc97724ffb66d39c2246
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: December 6, 2010

Related Posts

One Comment