Win32/Conficker.AA also known W32/Worm.AHGV, Net-Worm.Win32.Kido.bg, Worm:Win32/Conficker, W32/Conficker.worm.gen, Mal/Conficker is a worm that uses Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67) in order to spread on other computers in the local network. The worm blocks user access to security websites, deletes all the System Restore points prior to infection, protects itself from deletion by removing all NTFS file permissions,except execute and directory traversal and more. Starting in April 2009, this worm also installs Spyware Protect 2009.
Automated Removal Instructions for Conficker worm.
1. Download MS08-67 vulnerability patch, according to your Windows version, from here.
2. Install MS08-67 vulnerability patch.
3. Download Win32.Worm.Downadup.Gen (Win32/Conficker.AA) removal tool by BitDefender from here.
4. Unzip/extract it to a folder on your desktop.
5. Unplug network cable.
6. Open folder and you will now see an icon on your desktop similar to the one below.
Anti-Downadup-graphics (WormW32Downadup.AL removal tool) icon
7. Double click to Anti-Downadup-graphics icon to run it and you will see a prompt similar to the figure below.
WormW32Downadup.AL removal tool main window
8. Click Start button.
9. Reboot your computer when done.
10. Plug in your network cable.
11. Make a new restore point.
Manual Removal Instructions for Conficker worm
Click here for read Microsoft Knowledge Base Article 962007 provides numerous details for manual disinfection.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.