Research Report on CoNFicker
CoNFicker is a computer worm that infects a machine and spreads itself to other systems across a network automatically, without any manual interaction. Detection rates for this worm have risen by more than 225% since the start of 2009, so we strongly recommend that you double-check that your system is not carrying it. If your PC and its installed anti-virus software are up to date with the latest security updates, the chances are high that you do not have this malware on your computer. Once the CoNFicker worm gets inside a targeted system, it disables crucial system services and various security products, downloads arbitrary malicious files, and prevents you from visiting legitimate websites, including the portals that let you download security updates for your machine.
CoNFicker: Distribution Source
One of the main methods this worm uses to spread is to copy itself into the Windows system folder. It can also spread through file sharing and removable drives such as thumb drives (also known as USB drives), and especially through shares protected by a weak password. The CoNFicker worm adds a malicious file to the removable drive, so that when the drive is connected to another machine, the "AutoPlay" dialog box shows one additional option on screen: "Open folder to view files, Publisher is not specified", which was added by the worm.
The legitimate option provided by Windows is easy to identify, because it is named "Open folder to view files using Windows Explorer". If you click the option added by CoNFicker instead, the threat runs and begins spreading to as many other systems as it can. If your PC has been infected with this worm, you may be unable to download and install certain virus-protection software, or unable to reach the legitimate, secure websites that host Microsoft Updates. If you cannot access those security applications and certain domains, try the security tool mentioned below in this post to help remove the infection.
How To Delete CoNFicker Manually From PC
Step 1: Reboot Your PC in Safe Mode
For Windows XP, Vista, 7
Restart your system and press the F8 key as soon as the computer starts booting; take care not to miss the moment. Then choose Safe Mode With Networking.
For Windows 8 and 8.1
- Click the Start button, then Control Panel >> System and Security >> Administrative Tools >> System Configuration.
- Check the Safe Boot option and click OK. Click Restart in the pop-up.
For Windows 10
- Open the Start menu.
- Click the power button icon in the right corner of the Start menu to show the power options menu.
- Press and hold the SHIFT key on the keyboard and click Restart while still holding SHIFT.
- Then click the Troubleshoot icon, then Advanced options >> Startup Settings, and click Restart.
- After the reboot, select Enable Safe Mode With Networking.
Step 2: Press the Windows key + R, type appwiz.cpl and click OK.
This opens the Programs and Features list in Control Panel. Look for any suspicious CoNFicker-related entries and uninstall them at once.
Now type msconfig in the search box and press Enter.
Uncheck any suspicious or CoNFicker-related entries.
Step 3: Press the Windows key + R, paste the following command and click OK:
- notepad %windir%/system32/Drivers/etc/hosts
- A new file will open. If your system has been compromised by CoNFicker, there will be a number of unknown IP addresses listed at the bottom of the file. Look at the image below:
- If there are many suspicious IP addresses below "localhost", remove them without delay.
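As an added example that is not part of this guide, the following Python script automates the hosts-file check from Step 3: it parses the file, skips the default localhost lines, and flags any mapping that pins an update or security-vendor domain to any address at all, or any other host to a non-loopback address. The protected-domain list and the sample hosts text are constructed for illustration; on a real machine, read the file at %windir%\system32\drivers\etc\hosts and pass its contents to suspicious_entries().

```python
import ipaddress
from typing import List, Tuple
# Update and security-vendor domains the text says the worm blocks (constructed list).
PROTECTED_DOMAINS = ("microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com")
LOOPBACK = {"127.0.0.1", "::1"}
# The only mappings a clean Windows hosts file is expected to carry.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Constructed sample hosts file; the last four mappings are the kind an infection leaves.
SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com
127.0.0.1       www.symantec.com
203.0.113.7     www.windowsupdate.com   # hijacked to a bogus address
192.0.2.44      intranet.example.local
"""

def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, address, hostname) for every mapping, ignoring comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        addr, *hosts = line.split()
        try:
            ipaddress.ip_address(addr)  # skip lines whose first field is not an address
        except ValueError:
            continue
        entries.extend((lineno, addr, h.lower()) for h in hosts)
    return entries

def is_protected(host: str) -> bool:
    """True if host is a protected domain or a subdomain of one (exact label match)."""
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)

def suspicious_entries(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line, address, host, reason) for each entry Step 3 would have you remove."""
    findings = []
    for lineno, addr, host in parse_hosts(text):
        if (addr, host) in DEFAULT_ENTRIES:
            continue
        if is_protected(host):
            # Pinned to loopback the site is blocked; pinned elsewhere it is hijacked.
            findings.append((lineno, addr, host, "update/security domain pinned"))
        elif addr not in LOOPBACK:
            findings.append((lineno, addr, host, "non-loopback address"))
    return findings
```

Any finding for an internal hostname (like the intranet line in the sample) may be a legitimate administrator entry, so confirm each one before deleting it.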
Step 4: Press CTRL + SHIFT + ESC simultaneously to open Task Manager. Go to the Processes tab and try to determine which processes belong to CoNFicker.
- Right-click each CoNFicker process separately and select Open File Location. End the process after you have opened the folder, then delete the directories you were taken to.
Step 5: Type regedit in the Windows search field and press Enter.
- Once inside, press CTRL + F together and search for CoNFicker. Right-click and remove any entries you find with a similar name. If they do not show up this way, go manually to these directories and delete them: