Remove Conficker Virus

Is your computer infected with virus Conficker?... If yes, whether you have used the popular antivirus, but cannot afford Conficker thoroughly cleaned with? Don't worry. Below to manually remove Conficker virus from your computer
1. Disconnect the infected computer from the network both LAN and WIFI network.
2. Turn off system restore (XP over a special) with the click start-> all programs-> accessories-> system tools-> system restore. Once inside the select menu for setting off select all partitions.
3. Turn off the computer service by using the tools provided by Norman for free. You can download here



4. Delete the service svchost.exe fake in registry. You can search manually in the registry. You can open it from start-> run type "regedit"
5. Delete Task Schedule is created by the virus
6. Remove the registry string is created by the virus. To facilitate the registry can use the script below. Copy this script, Use notepad to copy and save with name "repair.inf". Run Repair.inf with the right click, then select install. Or download this script from here


[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software-Microsoft-Windows-CurrentVersion-Explorer-Advanced, Hidden, 0x00000001,1
HKCU, Software-Microsoft-Windows-CurrentVersion-Explorer-Advanced, SuperHidden, 0x00000001,1
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-Explorer-Advanced-Folder-Hidden-SHOWALL, CheckedValue, 0x00000001,1
HKLM, SYSTEM-CurrentControlSet-Services-BITS, Start, 0x00000002,2
HKLM, SYSTEM-CurrentControlSet-Services-ERSvc, Start, 0x00000002,2
HKLM, SYSTEM-CurrentControlSet-Services-wscsvc, Start, 0x00000002,2
HKLM, SYSTEM-CurrentControlSet-Services-wuauserv, Start, 0x00000002,2

[del]
HKCU, Software-Microsoft-Windows-CurrentVersion-Applets, dl
HKCU, Software-Microsoft-Windows-CurrentVersion-Applets, ds
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-Applets, dl
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-Applets, ds
HKLM, SYSTEM-CurrentControlSet-Services-Tcpip-Parameters, TcpNumConnections

For the active file on startup, you can disable through the "msconfig" or manually delete the string:
"HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-Run"

7. For cleaning the virus W32/Conficker.DV optimally and prevent re-infection, you should use the update to date antivirus and able to detect this virus with both your computer and the patch with http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx to prevent re-infection.

Related Posts: