5 Replies Latest reply on Feb 5, 2009 9:15 AM by Peter M

    Conficker!mem

      Hello, does anyone have comprehensive instructions on how to clean this variant of Conficker? VirusScan on-demand scans are detecting infections but are unable to clean/delete them.

      Thanks, David
        • 1. RE: Conficker!mem
          Peter M
          First, what is your operating system and service pack? Are you up to date with both critical and non-critical updates from Microsoft Updates? This tends to attack unpatched systems.

          See: http://vil.nai.com/vil/content/v_153483.htm

          I suggest making sure that VirusScan is up to date then temporarily disabling System Restore (assuming Windows ME, XP or Vista), rebooting to Safe Mode by tapping F8 repeatedly while booting up, then going to My Computer (Computer in Vista) and right-clicking the hard drive and selecting Scan. Let the scan finish. You will see an extra icon in the taskbar, hover over it for a progress report.

          If that doesn't do the trick then run the free version of either or both of the following anti-spyware tools and letting them delete anything they find:

          http://www.superantispyware.com/superantispywarefreevspro.html
          http://www.malwarebytes.org/mbam.php
          • 2. RE: Conficker!mem
            Thanks. I should have posted more info.

            I'm in a corporate environment, with 12,000+ machines - about 500 are infected. All of these are up to date with Windows patches - including service packs and the MS08-067 patch.

            McAfee Stinger can detect Conficker!mem but cannot remove it. VirusScan 8.5, Patch 7, latest DAT and engine, can also detect but not remove.

            Of the other AV vendors removal tools I have tried, the only one which works is that from F-Secure.
            • 3. RE: Conficker!mem
              Peter M
              Oh dear, we are only really au fait with home machines here, not vast numbers.

              Your best bet is to post again with full information in Desktop & Server for the best advice as you have VSE 8.5. The only suggestion I have is, after all this, update to 8.7i or at least 8.5i patch 8, but they would know best.

              Sorry to seem like I'm trying to fob you off, but we don't deal with the Corporate side in this section of the board.
              • 4. RE: Conficker!mem
                No problem. Thanks for your reply. I will re-post elsewhere.
                • 5. RE: Conficker!mem
                  Peter M
                  I see you've posted in General Corporate, good luck.

                  Locking this one.