Removing the Win32/Conficker worm manually is a rather complex operation that requires sufficient experience with the computer system. At the same time, the procedure can be carried out using the standard tools of the Windows operating system, without additional third-party software.
Instructions
Step 1
Click the "Start" button to bring up the main menu of the system and enter services.msc in the "Start Search" field. The Services console is used to temporarily disable the Server service.
Step 2
Select the services.msc item in the "Programs" list and double-click the "Server" entry.
Step 3
Click the Stop button and specify Disabled in the Startup Type field.
Step 4
Click the "Apply" button to confirm the stop of the server service and return to the main "Start" menu.
Step 5
Go to Run and enter AT /Delete /Yes in the Open field to delete all scheduled jobs that have been created.
Step 6
Press Enter to apply the selected changes and return to the command line utility.
Step 7
Enter regedit in the Open box and click OK to complete the operation to stop the Task Scheduler service.
Step 8
Expand the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule registry branch and right-click the Start parameter in the details pane of the Registry Editor window to open its context menu.
Step 9
Select Modify and enter 4 (a Start value of 4 means the service is disabled).
Step 10
Click OK to apply the selected changes and restart your computer.
Step 11
Press the "Start" button to bring up the main menu of the system and go to the "Run" item to begin removing Win32/Conficker manually.
Step 12
Enter regedit in the Open box and click OK.
Step 13
Expand the registry branch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost and right-click the netsvcs parameter to open its context menu.
Step 14
Select Modify and remove the line containing the name of the malicious service.
Step 15
Click OK to confirm the command and return to Registry Editor.
Step 16
Expand the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry key and find the name of the malicious service that you removed in the previous step.
Step 17
Select the subkey of that service and right-click it to open the context menu.
Step 18
Select Permissions and click the Advanced button in the SvcHost Permission Items dialog box.
Step 19
In the Advanced Security Settings dialog box, select both check boxes: "Inherit from parent permissions that apply to child objects, adding them to those explicitly set in this window" and "Replace permissions on all child objects with permissions set here that apply to child objects".
Step 20
Press F5 to update the registry entries and return to the utility.
Step 21
Expand the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key and remove any parameters beginning with rundll32.exe in both subkeys.
Step 22
Check all disks on the system for Autorun.inf files and remove any that look questionable.
Step 23
Restart your computer and return to the command line tool.
Step 24
Enter the following command, then press Enter:
reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 0x1 /f
Step 25
Select the Folder Options command from the Tools menu and go to the View tab.
Step 26
Check the box next to "Show hidden files and folders" and click OK.
Step 27
Return to Registry Editor and open the context menu of the malicious DLL that is loaded as ServiceDll in the details pane of the Registry Editor window.
Step 28
Select "Properties" and go to the "Security" tab.
Step 29
Select "Everyone" and select the "Full Control" check box in the "Allow" column.
Step 30
Click OK and delete the DLL file referenced by the malware.
Step 31
Turn on Background Intelligent Transfer Service (BITS), Automatic Updates, Windows Defender, and Error Logging.
Step 32
Go back to the command line tool and enter the following command, then press Enter to disable autorun:
reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f
Step 33
Enter netsh interface tcp set global autotuning=normal. Press Enter to apply the selected changes.
Step 34
Reboot your computer.
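The registry locations edited in the steps above can be read back afterwards to confirm the state of the cleanup. The following PowerShell is an added example, not part of the original instructions: the function name Get-ConfickerCleanupState is hypothetical, it assumes PowerShell 3.0 or later in an elevated prompt, and it only reads values.

```powershell
# Added example: read-only audit of the registry values named in the steps above.
# Get-ConfickerCleanupState is a hypothetical helper name; it changes nothing.
function Get-ConfickerCleanupState {
    $win     = 'HKLM:\SOFTWARE\Microsoft\Windows'
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Steps 13-19: resolve each netsvcs entry to its service key and ServiceDll.
    $svcHost  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
    $services = foreach ($name in $svcHost.netsvcs) {
        $dll = $null; $note = ''
        try {
            $p   = Get-ItemProperty (Join-Path $svcRoot "$name\Parameters") -ErrorAction Stop
            $dll = $p.ServiceDll
        } catch {
            # A missing key or a denied read (see steps 18-19) lands here.
            $note = $_.Exception.Message
        }
        [pscustomobject]@{
            Service    = $name
            ServiceDll = $dll
            DllOnDisk  = [bool]($dll -and (Test-Path -LiteralPath $dll))
            Note       = $note
        }
    }

    # Step 21: values in the Run key whose data begins with rundll32.exe.
    $runKey  = Get-Item "$win\CurrentVersion\Run"
    $runHits = foreach ($v in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($v)
        if ($data -match '^\s*"?rundll32\.exe') {
            [pscustomobject]@{ Value = $v; Data = $data }
        }
    }

    # Steps 9, 24 and 32: the three DWORD settings the procedure writes.
    $read = { param($path, $name)
        (Get-ItemProperty $path -ErrorAction SilentlyContinue).$name }
    [pscustomobject]@{
        NetsvcsEntries     = $services
        RunRundll32Values  = @($runHits)
        ScheduleStart      = & $read "$svcRoot\Schedule" 'Start'    # 4 = disabled (step 9)
        ShowAllChecked     = & $read "$win\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" 'CheckedValue'
        NoDriveTypeAutoRun = & $read "$win\CurrentVersion\Policies\Explorer" 'NoDriveTypeAutoRun'
    }
}
$state = Get-ConfickerCleanupState
$state | Format-List ScheduleStart, ShowAllChecked, NoDriveTypeAutoRun
$state.NetsvcsEntries | Format-Table -AutoSize
$state.RunRundll32Values | Format-Table -AutoSize
```

After the procedure, ShowAllChecked should read 1 and NoDriveTypeAutoRun 255 (0xff); netsvcs entries whose Note reports a failed read, or whose ServiceDll is not on disk, are the ones to review by hand.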