|
Windows 2000 Conficker Help
I am quite sure that I have the Conficker C virus and I need a bit of help to remove it. The worm seems smart enough to be able to disable any of the patches that I copied to this PC. I had to download patches from another PC and then transfer them to this one because I can no longer access microsoft, symantic or any sites that I would normally go to to get a patch or fix.
I have all the patches but I am unable to use them because the worm terminates the applications as soon as I start them. I think that if I run the PC in safe mode I will be able to run the patch but the worm has deleted the registry key that allows a boot to safe mode. Is anyone running W2000 that can copy or export the following key. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot Once it is exported just open in notepad and post it here. I can then import the key and I will be able to boot in safe mode again. For more details about the worm read here. W32/Conficker.C!worm Thanks Don |
Here you go - from Windows Advanced Server 2000:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "AlternateShell"="cmd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\dmserver] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\EventLog] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\Netlogon] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\PCI Configuration] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\PlugPlay] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\PNP Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\Primary disk] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\SAVService] @="service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\SCSI Class] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\sermouse.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\System Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\tga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\vga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\WinMgmt] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{36FC9E60-C465-11CF-8056-444553540000}] @="Universal Serial Bus controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] @="CD-ROM Drive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] @="Standard floppy disk controller" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] @="PCMCIA Adapters" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] @="SCSIAdapter" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] @="Floppy disk drive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] @="Human Interface Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\AFD] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Browser] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Dhcp] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\dmserver] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\DnsCache] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\EventLog] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\LanmanServer] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\LanmanWorkstation] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\LmHosts] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Messenger] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NBF] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\nbf.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NDIS] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NDIS Wrapper] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NDISUIO] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NetBIOS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NetBIOSGroup] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NetBT] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NetDDEGroup] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Netlogon] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NetMan] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Network] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NetworkProvider] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\nm] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\nm.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\NtLmSsp] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\PCI Configuration] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\PlugPlay] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\PNP Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\PNP_TDI] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Primary disk] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\ProtectedStorage] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\SAVService] @="service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\SCSI Class] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\sermouse.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Streams Drivers] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\System Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\Tcpip] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\TDI] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\tga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\vga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\WinMgmt] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\WZCSVC] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{36FC9E60-C465-11CF-8056-444553540000}] @="Universal Serial Bus controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] @="CD-ROM Drive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] @="Standard floppy disk controller" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] @="Net" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] @="NetClient" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] @="NetService" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] @="NetTrans" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] @="PCMCIA Adapters" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] @="SCSIAdapter" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] @="Floppy disk drive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] @="Human Interface Devices" SD |
Or you might try this link.........
Remove Downadup - Removal tool for Downadup (known also as Conficker or Kido) |
Hello Daz
I have tried the link that you posted - It does not seem to provide any direct evedence of infection or otherwise - The module only requests a updlad of files for statistical analysis. What's actually going on with the module.
CAT III |
Worked for me - downloaded the zip file, ran the exe and checked my system is clean.
SD |
Thanks for the help everyone.
I had a copy of BitDefender but every time I tried to run it the worm terminated the session. Thats why I needed to start in safe mode. I ran the app in safe mode and everything was done in a few minutes. Don |
| All times are GMT. The time now is 12:17. |
Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.