How to remove account lockout virus Conficker?

Conficker is a computer worm targeting the microsoft windows operating system, which uses flaws in Windows software and dictionary attacks on weak administrator passwords and thereby link them to a virtual computer that can be commanded remotely by its authors/hackers.

Symptoms of system affected by "Conficker":

  • Account lockout policies are being tripped, as a result domain accounts with weak passwords keep locking out due to the dictionary attacks by "Conficker"
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested, due to the payload propagation by "Conficker"
  • Microsoft sites and various other security-related web sites cannot be accessed.
  • Microsoft and third party security applications will crash.

Prevention from "Conficker":

  • As a first step make sure that,whehter your system possesses all the security updates specified in the Security Bulletin MS08-067.
  • Every users in the active directory should make sure that their network passwords are strong and unique.
  • Disable Autoplay features.
  • Avoid using usb drives without proper scanning.
  • Do not log on to computers by using Domain Admin credentials or credentials that have access to all computers.
  • Remove excessive rights to shares. This includes removing write permissions to the root of any share.


Microsoft also recommends that users apply an update that changes the AutoPlay functionality in Windows to prevent "Conficker" from spreading via USB drives. More information is available in the Microsoft Knowledgebase Article KB971029 .

Removing "Conficker":

To detect and remove this threat and other malicious software, perform a full-system scan with an updated antivirus product such as:

  • Microsoft Security Essentials
  • Windows Live Safety Scanner
  • Microsoft Windows Malicious Software Removal Tool.