How to remove Downadup (Conficker) worm

Malware Description:
Downadup (also known as Conficker) is a hazardous infection that can affect your computer security activities. Downadup is a worm that replicates itself through networks to contaminate as many computers in them as possible. The apparent external manifestations of Downadup presence on your PC involve your inability to install anti-malware tools and get your own antivirus software updated. With Downadup on board, the System Restore option will usually be disabled in order to prevent you from getting your system to function like it was before it got infected. Downadup is also known to keep you from visiting some sites offering malware removal utilities. This worm can also connect to some web resources that enable determining IP addresses of network computers, to eventually propagate further and expand its malicious area. PC security utilities may report Downadup as follows: W32.Downadup, W32/Downadup.AL, Win32.Worm.Downadup.Gen, W32/Conficker.worm.gen, Worm.Conficker, W32/Confick-A, Win32/Conficker.A, Mal/Conficker. It is highly recommended to terminate Downadup worm in all its forms before it’s gone too far devastating your system.

Malware Type: Worms

Malware Author: Unknown

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Downadup Free Scanner and Remover: Download Now

Downadup IP Addresses Scan Screenshot:

Downadup IP Addresses Scan

How to remove Downadup manually:
Manual removal of Downadup is feasible if you have sufficient expertise in working with program files, system processes, .dll files and registry entries.

The files to be deleted are listed below:

  • %systemroot%\system32\[...].dll

The associated registry entries to be removed are as follows:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[...].dll
    ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<%random_dllname%>
    DisplayName = “”
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<%random_dllname%>
    Type = dword:00000020
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<%random_dllname%>
    Start = dword:00000002
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<%random_dllname%>
    ErrorControl dword:00000000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<%random_dllname%>
    ImagePath = “%SystemRoot%\system32\svchost.exe -k netsvcs”
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<%random_dllname%>
    ObjectName = “LocalSystem”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Nls
    (Default) = dword:%Number%

Please, be informed that manual removal of Downadup is a cumbersome procedure and does not always ensure complete deletion of the malware, since some files might be hidden or may automatically reanimate themselves afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Downadup, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Download Downadup Worm Automatic Remover

Like This Article? Let Others Know!

Post a Comment: