There are three main versions of the worm.
The first version of the worm, Conficker.A, started to spread around the Internet in November 2008. An updated version, dubbed Conficker.B, was released by the worm's writers in January 2009. Conficker.C has been programmed to update itself with an archive of websites on April 1. All three versions contain a list of 50,000 websites from which they can download commands issued by the individuals who programmed them.
Conficker.A and Conficker.B randomly select 250 of the websites daily and use them to update themselves. On April 1, Conficker.C will try to download a new file of 50,000 websites and will poll 500 per day looking for orders.
Shutting down the websites that feed Conficker its commands isn't easy. The worm has managed to infect computer servers that supply websites such as Google.com, Yahoo.com and Facebook.com.
Quick test to see whether you are infected:
1. Windows Automatic Update – disabled.
2. Unable to update your antivirus, antispyware, AdAware.
If you have both of those symptoms, your computer is probably infected.
You can clean this virus in a couple of minutes with BitDefender here.
Once installed, Conficker.C implements a variety of nasty behaviors. The worm will attempt to disable Windows Automatic Update and stop access to the Windows Security Center and Windows Defender -- all to prevent disinfection. It can detect and kill SysInternals' Process Explorer program, and will interfere with the operation of a number of other search-and-destroy programs (e.g. Wireshark, SysClean).
Conficker will reset and delete system restore points so you can't go back to an uninfected installation of your operating system. It will also disable various services, including BITS (Background Intelligent Transfer Service), ERSvc (Error Reporting Service) and WerSvc (Windows Error Reporting Service, Vista-only). In a final fit of pique, Conficker.C will prevent any attempt to connect to a variety of antivirus software services or websites. This behavior is nothing new to malware in general, but it's the first time we've seen it from our Conf(l)ickt-causing little friend.
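The quick test and the service tampering described above can be checked in one pass. The script below is an added example, not part of the original article or of any vendor tool. It assumes PowerShell 3.0 or later, and the short service names wuauserv, wscsvc and WinDefend are assumptions based on the standard Windows names (the article names only BITS, ERSvc and WerSvc).

```powershell
# Added triage example: report the start mode of the services the article
# says Conficker tampers with. Short names wuauserv, wscsvc and WinDefend
# are assumptions (standard Windows service names), not taken from the article.
$watch = [ordered]@{
    wuauserv  = 'Windows Automatic Update'
    BITS      = 'Background Intelligent Transfer Service'
    ERSvc     = 'Error Reporting Service'
    WerSvc    = 'Windows Error Reporting Service (Vista-only per the article)'
    wscsvc    = 'Windows Security Center'
    WinDefend = 'Windows Defender'
}

function Test-ServiceSymptom {
    param([string]$Name, [string]$Label)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Not every Windows version ships every service, so absence is not a symptom.
        return [pscustomobject]@{
            Service = $Name; Label = $Label
            StartMode = 'n/a'; State = 'not installed'; Suspicious = $false
        }
    }
    [pscustomobject]@{
        Service    = $Name
        Label      = $Label
        StartMode  = $svc.StartMode
        State      = $svc.State
        # Only "Disabled" counts. Demand-start services such as BITS are
        # normally "Stopped" when idle, so State alone would give false alarms.
        Suspicious = ($svc.StartMode -eq 'Disabled')
    }
}

function Get-ConfickerSymptomReport {
    $results = foreach ($name in $watch.Keys) {
        Test-ServiceSymptom -Name $name -Label $watch[$name]
    }
    $hits = @($results | Where-Object { $_.Suspicious })
    [pscustomobject]@{
        Services      = $results
        DisabledCount = $hits.Count
        # Threshold of two is an assumption mirroring the article's two-symptom rule of thumb.
        MatchesSymptoms = ($hits.Count -ge 2)
    }
}

$report = Get-ConfickerSymptomReport
$report.Services | Format-Table Service, StartMode, State, Suspicious -AutoSize
"Disabled protective services: $($report.DisabledCount); matches symptoms: $($report.MatchesSymptoms)"
```

A disabled service can also be the result of deliberate administrator policy, so a match is a reason to scan the machine, not proof of infection.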
Protection
Conficker.C exploits a particular vulnerability in Windows, announced in October 2008, which allows code to be remotely executed. Nobody knows exactly what Conficker.C is supposed to do on April 1st, other than receive and execute instructions from various remote systems, but it is presumed that infected computers will become minions of some huge botnet with some nefarious purpose, such as a large denial-of-service attack on a single entity or a group of entities, or perhaps stealing huge quantities of personal information. Or wiping everyone’s hard disks.
We see Conficker.C as a good excuse to perform an annual “Spring Cleaning” of your PC, especially if you’re finding performance to be sluggish and are experiencing what is commonly referred to as “Windows Crotch Rot” — the natural deterioration of a Windows system after a period of lengthy use due to registry corruption and leftover junk. To evaluate your Windows XP system, you can perform a scan here. At the end, it will show you all your errors. Then you can repair them one by one, or the program will do it for you.
Antivirus Software
Conficker.C is a particularly nasty virus, as it is capable of scanning for and killing the processes of security products, including firewalls, patch deployment tools and antivirus software. So it’s essential that your antivirus software is kept up to date.
For fully integrated free virus scanners for Windows, we happen to be partial to AVG Home Edition. It automatically updates itself and provides scanning with a slick-looking and easy-to-use interface.
Antispyware Packages
Spyware and adware protection is another area where end-users can get complacent. The first package to consider is Spybot Search and Destroy, which is by far the most comprehensive free spyware scanning and cleaning solution available today.