Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

w32downadup.b

Updated: 21 May 2010 | 7 comments
jo_usarmymil's picture
jo_usarmymil
0 0 Votes
Login to vote

(newbie here),, Issue: i am able to delete the w32.downadup worm but it keeps coming back.. (past two weeks). I'm using the w32.downadup removal tool, ficker. // Have W2K3 servers with SEP11.0.4. tnx in advance.

Discussion Filed Under:
,

Comments

Peterpan's picture
20
Aug
2009
2 Votes +2
Login to vote
Peterpan

Hope this link can help

Hope this link can help you

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/3aa5a06c7bf48bd988257589006cd1e1?OpenDocument

:-)

Jeremy Dundon's picture
20
Aug
2009
1 Vote +1
Login to vote
Jeremy Dundon
Symantec Employee
Accredited

Run the MBSA

Conficker wont infect a system with all of its Windows patches.

Run the Microsoft Baseline Security Analyzer to find out what patches you are missing.
http://technet.microsoft.com/en-us/security/cc184923.aspx

Frank019's picture
20
Aug
2009
1 Vote +1
Login to vote
Frank019

Update your windows with all

Update your windows with all the patch, including the one against downadup, and make sure you have the newest virus definitions. I think it this one for downadup http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D&displaylang=en

Prachand's picture
20
Aug
2009
2 Votes +2
Login to vote
Prachand
Trusted Advisor

Try the following steps to

Try the following steps to prevent the Downadup work to come back again in the network
1. Make sure that  Microsoft security patch KB958644 is installed on all the machines.
 
2.Install the  latest rapid release signatures  on all the machines.
 
3.Disable Autoplay/ Autorun  from all the machines for all the drives.
 
Click Edit to start Group Policy Editor. In the Computer Configuration section of the GPO, expand the Administrative Templates folder.
Click System, and then in the right pane, double-click the Disable Autoplay policy object.
Click Enabled, and then confirm that the All drives object is selected.
Click OK, quit Group Policy Editor, click the Properties dialog box, and then quit the Active Directory Users and Computers snap-in
 
4. Enable network scanning on SEP from the Manager.
 
5.
5. Close the default shares.(Admin$, C$ and other open shares).
 
6. Start  a FULL scanning on all the machines.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

kavin's picture
20
Aug
2009
0 Votes 0
Login to vote
kavin

hi jo, You said that the

hi jo,

You said that the virus keeps coming back.

hence make sure that the system in your network has SEP installed with latets defs & also all the system has the microsoft patch installed.

Derrick Farley's picture
20
Aug
2009
1 Vote +1
Login to vote
Derrick Farley
Symantec Employee
Accredited

Further information on downadup

Further information on downadup is available in the .pdf located here: www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed1.pdf 
This detailed write-up comes from our Security Response Team and can help with understanding how downadup works. It also contains great information on how to respond to downadup infections, as well as, response procedures for re-infection.

AravindKM's picture
21
Aug
2009
0 Votes 0
Login to vote
AravindKM

I think You are missing some

I think You are missing some Microsoft security patch. Pls ensure KB960714 and KB958644 installed in all pcs which is present in your network.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017