It is hard to identify files containing Conficker because the executable are packed and encrypted. When Conficker runs in memory it is fully unpacked. Our memory disinfector scans the memory of every running process in the system and terminates Conficker threads without touching the process it runs in. This helps to keep the system services running.
The tool itself and the source code can be downloaded here:
conficker_mem_killer.exe | 594 K |
And here is a tool to remove the registry entries
regnfile.exe 599 K
More info can be found here