Endpoint Protection


help me w32.downadup.B

  • 1.  help me w32.downadup.B

    Posted Dec 26, 2009 12:46 AM
    Hello all,
    I am Fahad from Pakistan. I am a network administrator in a private company. I have 70 client computers, and all client computers are infected with this virus, W32.Downadup.B. I am using SAV 10, and my domain controller is infected as well. SAV only takes action partially, not permanently. Kindly help; I have used all the removal tools but none is working properly. Thanks.


  • 2.  RE: help me w32.downadup.B



  • 3.  RE: help me w32.downadup.B

    Posted Dec 26, 2009 01:30 AM
    Please install the following patches (MS08-067, MS08-078) on all the computers without fail.

    Check this link for more info:
    https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

     


  • 4.  RE: help me w32.downadup.B

    Posted Dec 26, 2009 04:10 AM
    After you clean it up, ensure that you also check your services.
    Background Intelligent Transfer Service & Windows Automatic Updates - both these services are disabled by downadup.
    Ensure that you set both services to automatic.
    Else you will not get any patches.


  • 5.  RE: help me w32.downadup.B

    Posted Dec 26, 2009 04:29 AM
    Another most important action is to isolate infected computers; this can prevent the virus from spreading to the others (if they are still free of the virus).




  • 6.  RE: help me w32.downadup.B

    Posted Dec 26, 2009 04:31 AM
    Don't forget to install at least MS08-067 on all computers that lack this important patch.


  • 7.  RE: help me w32.downadup.B

    Posted Dec 27, 2009 08:29 PM
    Also, change user's login password


  • 8.  RE: help me w32.downadup.B

    Posted Dec 28, 2009 08:43 AM

    We had this virus in our network, and there was a generator file which generated the virus; we could not catch it. I called Symantec and they told me to download the Microsoft monthly removal tool, and it worked: the file which generated the virus was caught, and the endpoint caught the virus.



  • 9.  RE: help me w32.downadup.B

    Posted Dec 28, 2009 09:14 AM
    BITS is supposed to be manual, not automatic.
    Automatic update service is automatic, and starts BITS as needed.
    So set the automatic updates to automatic, and BITS (background intelligent transfer service) to manual.
    However, you have to set up updates in the Control Panel if you want automatic updates; otherwise you have to update manually.


  • 10.  RE: help me w32.downadup.B

    Posted Dec 28, 2009 10:42 AM
    Hello, I had Downadup too.
    I fixed my Downadup problem.
    - Update the OS (critical, important and security updates).
    - Update SEP.
    - Change weak passwords.
    - Change the domain admins members' passwords (if they are weak).
    - Change the administrator password if it is weak.
    - Create daily reports.
    - Create notifications (new virus detected, single risk event).
    - Change the antivirus and antispyware policy so the first action is delete.
    - Follow the reports.
    - Check users' sharing.

    Thanks
    Fatih.


  • 11.  RE: help me w32.downadup.B

    Posted Dec 30, 2009 12:06 AM
    Well dear, as I told you, I am using SAV 10, and that SAV 10 is installed on the domain controller. I can't receive any notification on the server as I run the removal script. The problem is that the client computers are infected. As you told me to install MS08-067, I did it, but once D.exe finished, a message occurred to install the MS-08-067 patch, although I had installed it already.


  • 12.  RE: help me w32.downadup.B

    Posted Dec 30, 2009 12:10 AM
    help


  • 13.  RE: help me w32.downadup.B



  • 14.  RE: help me w32.downadup.B

    Posted Jan 03, 2010 11:28 PM

    Dear all, I did it many times but I am unable to remove this virus. Do I need to disconnect all shared drives from the domain controller, and run Windows in safe mode, then run the removal? Guide me please.



  • 15.  RE: help me w32.downadup.B

    Posted Jan 03, 2010 11:36 PM
    As you said to change my password, I did it; I have changed my domain controller's administrator password. You mean I have to change all domain members' passwords?


  • 16.  RE: help me w32.downadup.B

    Posted Jan 04, 2010 12:10 AM
    Did you do everything according to the article provided above?
    Are the patch level and virus definitions up to date?
    The MS patches KB960714 & KB958644 are most important in your scenario.
    "as you said change my password i did it , i have changed my domain controller's administrator password, you mean i have to change all domain members password ?"
    In fact all domain accounts should have a strong password. If one is not present, please change it.
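
The service settings from post 9 and the two KB numbers from post 16 can be audited per machine with a short script. This is an added example, not part of any post in the thread; the host name `PC-EXAMPLE-01` and the file `hosts.txt` are hypothetical, and the expected BITS start mode follows post 9 (post 4 suggests automatic instead).

```powershell
# Added example, not from the thread. Baseline taken from posts 9 and 16:
# Automatic Updates (wuauserv) = Auto, BITS = Manual, KB958644 and KB960714 listed.
$ExpectedStartMode = @{ wuauserv = 'Auto'; BITS = 'Manual' }
$RequiredHotfixes  = 'KB958644', 'KB960714'

function Test-DownadupBaseline {
    # Pure check: compares collected facts with the baseline, touches no host.
    param(
        [string]$ComputerName,
        [hashtable]$StartMode,       # service name -> StartMode string
        [string[]]$InstalledHotfix   # hotfix IDs reported by the host
    )
    $findings = @()
    foreach ($svc in $ExpectedStartMode.Keys) {
        if ($StartMode[$svc] -ne $ExpectedStartMode[$svc]) {
            $findings += "$svc start mode is '$($StartMode[$svc])', expected '$($ExpectedStartMode[$svc])'"
        }
    }
    foreach ($kb in $RequiredHotfixes) {
        if ($InstalledHotfix -notcontains $kb) { $findings += "$kb not listed" }
    }
    [pscustomobject]@{
        Computer  = $ComputerName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings -join '; '
    }
}

function Get-DownadupFacts {
    # Live collection; needs admin rights on the target (CIM uses WinRM for remote hosts).
    param([string]$ComputerName)
    $mode = @{}
    Get-CimInstance -ClassName Win32_Service -ComputerName $ComputerName `
        -Filter "Name='wuauserv' OR Name='BITS'" |
        ForEach-Object { $mode[$_.Name] = $_.StartMode }
    $kbs = @(Get-HotFix -ComputerName $ComputerName | Select-Object -ExpandProperty HotFixID)
    @{ ComputerName = $ComputerName; StartMode = $mode; InstalledHotfix = $kbs }
}

# Constructed sample: a host with both services disabled and one patch missing.
Test-DownadupBaseline -ComputerName 'PC-EXAMPLE-01' `
    -StartMode @{ wuauserv = 'Disabled'; BITS = 'Disabled' } -InstalledHotfix @('KB958644')

# Live use (hypothetical hosts.txt, one computer name per line):
# foreach ($pc in Get-Content .\hosts.txt) { $f = Get-DownadupFacts $pc; Test-DownadupBaseline @f }
```

Treat a "not listed" finding as a prompt to check the machine by hand, since a fix delivered through a later service pack is not reported under its KB number.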


  • 17.  RE: help me w32.downadup.B

    Posted Jan 04, 2010 02:49 AM
    Dear Fahad,

    I am not sure if your problem is resolved or you still need help; however, we faced a similar situation at a customer's end last year and, as per my engineers, MSRT (Microsoft Malicious Software Removal Tool) was working better as compared to any other antivirus software. Try that on your DC and a few clients.
    There is also another software named Combofix (download from Bleepingcomputer.org) which is very useful; however, try it on one of the clients first.
    Also download the Conficker detection tool from the URL mentioned below and scan your network. It will tell you how many machines are infected. For each machine, do the following.

    a) Remove the network cable and run MSRT or Combofix.
    b) Restart the machine. Apply the Windows patch. Restart again and then scan the whole machine with SAV.
    c) Once completely scanned and found clean, connect the network cable back.

    http://www.foundstone.com/us/resources-free-tools.asp

    Hopefully it should help. Remember that it copies itself to USB drives as well, so you need to scan and clean all the USB memory sticks or hard disks which are being used in your company.


  • 18.  RE: help me w32.downadup.B

    Posted Jan 14, 2010 04:33 AM
    Hi everyone,
    I've been solving virus infection problems for a long time, and W32.Downadup has a complete chapter. I've added a new article called (How to beat W32.Downadup infections - Outbreak Scenario)
    https://www-secure.symantec.com/connect/articles/how-beat-w32downadup-infections-outbreak-scenario
    If you have any comments/issues you are welcome to speak.


  • 19.  RE: help me w32.downadup.B

    Posted Jan 21, 2010 05:12 AM
    I have to say that I am seriously disappointed with the performance of our Symantec Endpoint Protection, which we have paid for for the last few years, and it is unlikely that I will now be renewing, as the software has completely failed to deal with this virus, and despite following all the instructions here I am still firefighting this virus on our network of 20-25 PCs. The removal tool doesn't work; in fact AVG FREE Edition seems to find and remove more than this product, though it still fails to completely remove it.

    I think that my point is this. If we are PAYING for software to protect us, and it is failing to do so, and even to succeed with basic viruses you have to manually go to each PC, what are we supposed to do as IT Managers and Network Admins that are responsible for large numbers of client machines!? Is there not a product out there that WORKS??

    Can someone, anyone, PLEASE come up with a sensible solution to this problem for Network Admins. So far all the solutions offered either fail completely or are just not practical/are unrealistic.

    Symantec better come up with a network removal tool pronto if I'm to renew in Feb.


  • 20.  RE: help me w32.downadup.B

    Posted Jan 22, 2010 02:16 AM
    @josepheaven

    Have you checked my article on dealing with Downadup