Everything you wanted to know about Conficker worm …

February 7th, 2009

... but were afraid to ask!

Microsoft has put together two pages all about the Conficker worm: one aimed at home users and another for IT pros.

Here are the highlights:


  1. Apply the security update associated with MS08-067. View the security bulletin for more information about the vulnerability, affected software, detection and deployment tools and guidance, and security update deployment information.
  2. Make sure you are running up-to-date antivirus software from a trusted vendor, such as Microsoft's Forefront Client Security or Windows Live OneCare. Antivirus software may also be obtained from trusted third-parties such as the members of the Virus Information Alliance.
  3. Isolate "unpatched" or legacy systems using the methods outlined in the Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide.
  4. Implement strong passwords as outlined in the Creating a Strong Password Policy whitepaper.
  5. Disable the AutoPlay feature through the registry or using Group Policies as discussed in Microsoft Knowledge Base Article 953252.
    NOTE: Windows 2000, Windows XP, and Windows Server 2003 customers must deploy the update associated with Microsoft Knowledge Base Article 953252 to be able to successfully disable the AutoRun feature. Windows Vista and Windows Server 2008 customers must deploy the security update associated with Microsoft Security Bulletin MS08-038 to be able to successfully disable the AutoRun feature.
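
A check for step 5, as an added example that is not from the original post or from Microsoft's pages: it reads the AutoRun policy value and lists the drive types for which AutoRun is still enabled. The registry value name NoDriveTypeAutoRun and its bit meanings are taken from Microsoft's documentation of the policy, not from this page, and a DWORD (or legacy binary) value is assumed.

```powershell
# Added example: report which drive types still allow AutoRun on this machine.
# Assumption: value name and bit meanings follow Microsoft's documentation of
# the NoDriveTypeAutoRun policy; they are not quoted from this page.
$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName  = 'NoDriveTypeAutoRun'

# A set bit disables AutoRun for that drive type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' }
)

function Get-AutoRunPolicy {
    param([string]$Hive)   # 'HKLM' or 'HKCU'
    $item = Get-ItemProperty -Path "${Hive}:\$policyPath" -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $raw = $item.$valueName
    if ($raw -is [byte[]]) { $raw = $raw[0] }   # legacy REG_BINARY form: low byte holds the mask
    return [int]$raw
}

# The machine-wide value takes precedence over the per-user one.
$source = 'HKLM'
$value  = Get-AutoRunPolicy $source
if ($null -eq $value) {
    $source = 'HKCU'
    $value  = Get-AutoRunPolicy $source
}

if ($null -eq $value) {
    Write-Output "$valueName is not set in HKLM or HKCU; Windows defaults apply."
} else {
    Write-Output ("{0}: {1} = 0x{2:X2}" -f $source, $valueName, $value)
    foreach ($t in $driveTypes) {
        $state = if ($value -band $t.Bit) { 'disabled' } else { 'ENABLED' }
        Write-Output ("  {0,-13} AutoRun {1}" -f $t.Name, $state)
    }
    if (($value -band 0xFF) -ne 0xFF) {
        Write-Output 'AutoRun is not disabled for every drive type (0xFF disables all).'
    }
}
```

As the NOTE above says, the setting is only honored once the corresponding update is installed, so a correct value here does not by itself show that AutoRun is off.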

Removal - automatic

  • Manually download MSRT onto uninfected PCs and deploy it to infected PCs to automatically clean infected systems.

Removal - manual

This seems like a lot of work to me, but if you're really stuck, this might be your only hope.

This entry was posted on Saturday, February 7th, 2009 at 19:55 and is filed under Stay Secure.