0

Possible Duplicate:
Conficker.Exe Removal

I have a Windows XP SP2 computer with Windows XP SP2 on it. I have McAfee Enterprise VirusScan installed and recently I keep getting these popups.


It looks like the virus scan is detecting, cleaning, deleting, etc., which is good, but I continually get the same popups.

I ran the Microsoft Malicious Software Removal Tool and some other AV tools and none detect anything.

Any suggestions for how I get rid of this thing permanently (besides reformatting and reinstalling the OS over again)?

Burgi
  • 6,768
leora
  • 6,193

4 Answers

3

The Conficker worm is highly annoying and difficult to remove because it tends to hide where it can't be found by scanning tools (System Restore cache), and duplicates itself all over your system. So your anti-virus tools end up finding the clones, but never the original. However, it is very possible to get rid of.

The last time I removed this worm, all I had to do was disable System Restore, which deletes all restore points (where the worm hides), then download and run the latest release of the Microsoft Malicious Software Removal Tool - which I repeated until it found nothing repeatedly. That was it. However, prior removals took a lot more effort.

This Microsoft article will tell you all about this annoying worm and how to remove it. The article also includes a link to a Windows patch that protects against this worm as well - once clean, make sure you apply this patch so this doesn't happen again.

If you are on a network, you'll also have to make sure that all other machines on the same network are also clean and patched as well. What your anti-virus is seeing could be the worm trying to spread to your machine and your anti-virus is catching it before it can infect your system. So your system may not be infected at all, while another machine on the network is and the worm is trying to spread from there.

Cypher
  • 343
  • 2
  • 12
1

First thing to do is disable System Restore... slaving it into a known clean system as James suggests is a good idea as long as all autorun crap is disabled. The problem you run into there is if it's rootkitted, improper removal can make the PC not boot. I would look into "finding a copy" of the alohabob software migration software, removing your security software, doing the migration to a file store, format and reinstall, migrate back. I stopped tip-toeing around malware when the majority of the bad ones started implementing rootkit technologies.

RobotHumans
  • 5,934
0

Run a Spybot Search and Destroy scan. Take out the infected hard drive and scan it with a bunch of virus removal software from a known clean system. Make sure you have the latest antivirus updates for each product. Scanning a system with outdated antivirus definitions is of little use.

Basically follow the steps described here.

James T
  • 10,351
  • 4
  • 30
  • 31
0

The tools mentioned will help, but the first thing to do is turn off System Restore as mentioned. AND check that it stays off after a reboot. I have seen one infection where something turned System Restore back on on boot. The malware had some component that did this. A format was needed on that system. System Restore off is critical to removing the malware.

Symantec has a tool here that might assist as well: Symantec Tool

Dave M
  • 13,250
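
One way to do the "check that it stays off after a reboot" step from the answer above, as an added example that is not part of the original answers. It assumes the Windows XP System Restore settings (the `DisableSR` registry value and the `srservice` service); the log file path is hypothetical.

```batch
@echo off
rem Added example: confirm that System Restore is still off after a reboot.
rem Assumes Windows XP: the DisableSR registry value and the srservice service.
rem LOG is a hypothetical path chosen for this example.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
set "POL=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
set "LOG=%SystemDrive%\sr_check.log"
set "STATUS=OFF"

rem DisableSR = 0x1 means System Restore is turned off.
rem A missing value or any other value is treated as "on".
set "VAL=missing"
for /f "tokens=3" %%A in ('reg query "%KEY%" /v DisableSR 2^>nul ^| find "DisableSR"') do set "VAL=%%A"
if /i not "%VAL%"=="0x1" set "STATUS=ON"

rem A group policy setting, if one exists, is recorded alongside it.
set "PVAL=not set"
for /f "tokens=3" %%A in ('reg query "%POL%" /v DisableSR 2^>nul ^| find "DisableSR"') do set "PVAL=%%A"

rem Service state is logged for context only; the result depends on DisableSR.
set "SVC=not running"
sc query srservice | find "RUNNING" >nul && set "SVC=running"

rem Append one line per run so a change between reboots is visible in the log.
>>"%LOG%" echo %DATE% %TIME% DisableSR=%VAL% policy=%PVAL% srservice=%SVC% result=%STATUS%
echo System Restore appears to be %STATUS% (DisableSR=%VAL%, policy=%PVAL%, srservice=%SVC%)

rem Exit code 1 means the setting did not survive the reboot.
if "%STATUS%"=="ON" (endlocal & exit /b 1)
endlocal & exit /b 0
```

Run it once right after turning System Restore off and again after each reboot; a `result=ON` line following earlier `result=OFF` lines means something re-enabled it.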