w32/Conficker!mem trojan

Posted on 2009-07-04
Last Modified: 2013-11-08
w32/Conficker!mem trojan
svchost could not be repaired
Question by:tomar_10
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 24778941

Author Comment

ID: 24778961
i have tried but it says nothinf foun you can see the log

But stinger says it exist

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\admin>cd desktop

C:\Documents and Settings\admin\Desktop>cd conficker

C:\Documents and Settings\admin\Desktop\conficker>econfickerremover
Win32/Conficker worm Removal Tool build: Jun 22 2009 (c) 2009 ESET, spol. s r.o.

Usage: removaltool.exe <options>
Options:  -autoclean  - clean automatically without confirmation
          -reboot     - reboot machine after successful cleaning
          -force      - force deletion of Conficker-like scheduled tasks
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.


Author Comment

ID: 24778966
i face this problem
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.


Expert Comment

ID: 24778976
I was trying to save you from a lot bigger download.
Here it is:
LVL 47

Accepted Solution

rpggamergirl earned 500 total points
ID: 24779038
You would need to install the MS Patch mentioned in the link if you haven't yet.

And run removal like the tools below:
F-Secure Removal tool:

MS Malicous Removal tool: 

Symantec's W32.Downadup Removal Tool:

Also good idea to run Combofix, it should replace svchost.exe if it finds a clean one in the system.

Please download ComboFix by sUBs:
(If it doesn't run re-download but rename before saving to your desktop)

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If needed, here's the Combofix tutorial which includes the installation of the Recovery Console: 


Author Comment

ID: 24779044
this tool dose not detect anything, its of no use.
LVL 13

Expert Comment

ID: 24780620
Try scanning with...Dr. Web Anti-Virus
LVL 16

Expert Comment

ID: 24867974

Open this webpage and see how many images you can actually see:

That will help us track down which variant of Conficker you have (and if you actually have it or not).

Hope it helps.

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question