
Conficker/downadup/kido worm – detection and removal tools

Because one of this worm’s characteristics is to block access to security websites, this post is meant to help work around that problem. If your computer is infected, or you suspect it is, here are a number of free detection and removal tools that deal with this infection. Click on the appropriate link to download the tool to your computer, then double-click the file and follow the instructions:

BitDefender Single PC Removal Tool: Removes Downadup from a single PC

McAfee Detection Tool: Detects whether any computer on your network is infected

Symantec Removal Tool: Symantec’s W32.Downadup/conficker removal tool

Sophos’ Network Removal Tool: Sophos’ Conficker clean-up tool to remove Conficker from an infected network

Sophos’ Standalone Removal Tool: Sophos’ Conficker clean-up tool to remove Conficker from one or more single computers

Contact me if you need help using any of these utilities.

Conficker virus – Are you infected?

How to interpret:

If you see this above = It probably means this
All images displayed = Normal/Not Infected by Conficker (or using proxy)
Security/AV logos not displayed = Possibly Infected by Conficker (C variant or greater)
Some security/AV logos not displayed = Possibly Infected by Conficker A/B variant
No images displayed = Image loading turned off in browser?
Any other combination = Poor Internet connection?

Explanation:

Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.

If you are blocked from loading the remote images in the first row of the top table above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems), then your Windows PC may be infected by Conficker (or some other malicious software).

If you can see all six images in both rows of the top table, you are either not infected by Conficker or you are using a proxy server. Behind a proxy, this test cannot give an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.
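
The interpretation table and explanation above can be expressed as a small browser script. This is an added example, not code from the original post or the original test page; the function names and the `.example` URLs are hypothetical placeholders, and the 8-second timeout is an assumption.

```javascript
// Added example. Each argument is an array of booleans: true = image loaded.
function interpret(securityLoaded, controlLoaded) {
  if (!securityLoaded.length || !controlLoaded.length) {
    throw new Error("need at least one image per row");
  }
  const secOk = securityLoaded.filter(Boolean).length;
  const ctlOk = controlLoaded.filter(Boolean).length;
  const allSec = secOk === securityLoaded.length;
  const allCtl = ctlOk === controlLoaded.length;
  if (allSec && allCtl) return "Normal/not infected by Conficker (or using proxy)";
  if (secOk === 0 && ctlOk === 0) return "Image loading turned off in browser?";
  if (secOk === 0 && allCtl) return "Possibly infected by Conficker (C variant or greater)";
  if (allCtl) return "Possibly infected by Conficker A/B variant";
  return "Poor Internet connection?";
}

// Browser-only: resolves true if the image loads, false on error or timeout.
function probe(url, timeoutMs) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-busting parameter so a cached copy cannot hide a blocked site.
    img.src = url + (url.includes("?") ? "&" : "?") + "t=" + Date.now();
  });
}

// Probe both rows in parallel, then apply the interpretation table.
async function runChart(securityUrls, controlUrls, timeoutMs = 8000) {
  const [sec, ctl] = await Promise.all([
    Promise.all(securityUrls.map((u) => probe(u, timeoutMs))),
    Promise.all(controlUrls.map((u) => probe(u, timeoutMs))),
  ]);
  return interpret(sec, ctl);
}

// Hypothetical placeholder URLs: substitute real logo images before use.
const SECURITY_URLS = [1, 2, 3].map((n) => `https://av-vendor-${n}.example/logo.png`);
const CONTROL_URLS = [1, 2, 3].map((n) => `https://alt-os-${n}.example/logo.png`);

// Only runs in a browser, where the Image constructor exists.
if (typeof Image !== "undefined") {
  runChart(SECURITY_URLS, CONTROL_URLS).then((verdict) => console.log(verdict));
}
```

As with the image test itself, a result of "Normal" from behind a proxy server says nothing about infection.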

If you are indeed infected, follow this link for some detection/removal tools:

http://remotehelpexpert.com/blog/?p=98

Let me know if you need help with this.