Conficker hides in the network by patching MS08-067 temporarily
The ISC podcast below shares that Conficker not only deletes system restore points, but it will actually apply the MS08-067 patch as one sophisticated technique for evading detection.
Conficker will actually apply the MS08-067 patch in MEMORY ONLY. Then as soon as you clean the worm, you have a chance of being infected again because MS08-067 isn't fully applied in your Windows registry environment. This could make it harder to find in that you think you're patched or it could show up as patched in a scan -- and yet you're still infected. As shared in my cleaning tips, you must clean, apply patch, and then reboot.
ISC Podcast - includes comments on Conficker
Conficker - Cleaning Tips for Corporate Users