Endpoint Protection

  • 1.  w32downadup.b

    Posted Aug 20, 2009 11:23 AM
    (Newbie here.) Issue: I am able to delete the w32.downadup worm but it keeps coming back (past two weeks). I'm using the w32.downadup removal tool, ficker. Have W2K3 servers with SEP11.0.4. Thanks in advance.


  • 2.  RE: w32downadup.b



  • 3.  RE: w32downadup.b

    Posted Aug 20, 2009 11:34 AM
    Conficker won't infect a system with all of its Windows patches.

    Run the Microsoft Baseline Security Analyzer to find out what patches you are missing.
    http://technet.microsoft.com/en-us/security/cc184923.aspx



  • 4.  RE: w32downadup.b

    Posted Aug 20, 2009 12:00 PM
    Update your Windows with all the patches, including the one against downadup, and make sure you have the newest virus definitions. I think it is this one for downadup: http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D&displaylang=en


  • 5.  RE: w32downadup.b

    Posted Aug 20, 2009 01:00 PM
    Try the following steps to prevent the Downadup worm from coming back again in the network:

    1. Make sure that Microsoft security patch KB958644 is installed on all the machines.

    2. Install the latest rapid release signatures on all the machines.

    3. Disable Autoplay/Autorun on all the machines for all the drives.

       Click Edit to start Group Policy Editor. In the Computer Configuration section of the GPO, expand the Administrative Templates folder.
       Click System, and then in the right pane, double-click the Disable Autoplay policy object.
       Click Enabled, and then confirm that the All drives object is selected.
       Click OK, quit Group Policy Editor, click the Properties dialog box, and then quit the Active Directory Users and Computers snap-in.

    4. Enable network scanning on SEP from the Manager.

    5. Close the default shares (Admin$, C$ and other open shares).

    6. Start a FULL scan on all the machines.
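
A read-only audit of steps 1, 3 and 5 from the checklist above, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later run locally with administrator rights; the function names are hypothetical, and the registry value checked is the one the "All drives" Autoplay policy writes under Computer Configuration.

```powershell
# Added example, not from the thread: reports state only, changes nothing.
$requiredKb = 'KB958644'   # patch named in step 1 of the post above

function Test-HotfixInstalled([string]$Kb) {
    # Win32_QuickFixEngineering lists installed updates by HotFixID.
    # A miss means "verify manually": a superseding update can also cover it.
    $hit = Get-WmiObject -Class Win32_QuickFixEngineering |
           Where-Object { $_.HotFixID -eq $Kb }
    return [bool]$hit
}

function Test-AutorunDisabledAllDrives {
    # The machine-wide policy with "All drives" selected is stored as
    # NoDriveTypeAutoRun = 0xFF under the Explorer policies key.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    return ($prop -ne $null -and $prop.NoDriveTypeAutoRun -eq 0xFF)
}

function Get-AdminDiskShares {
    # Win32_Share Type 2147483648 (0x80000000) = administrative disk share,
    # which covers ADMIN$ and the per-drive shares such as C$.
    Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Type -eq 2147483648 } |
        ForEach-Object { $_.Name }
}

$shares = @(Get-AdminDiskShares)

# One summary object per host so results can be collected and compared.
$report = New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    PatchInstalled  = Test-HotfixInstalled $requiredKb
    AutorunDisabled = Test-AutorunDisabledAllDrives
    AdminShares     = ($shares -join ',')
}
$report | Format-List Computer, PatchInstalled, AutorunDisabled, AdminShares

# Flag the host if any checked step is still open.
if (-not $report.PatchInstalled -or -not $report.AutorunDisabled -or $shares.Count -gt 0) {
    Write-Warning "$($env:COMPUTERNAME): at least one checked step is not in place"
}
```

Hosts that keep getting reinfected after cleanup are the ones to run this on first, since a single machine missing any of these steps can reintroduce the worm to the rest of the network.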


  • 6.  RE: w32downadup.b

    Posted Aug 20, 2009 01:24 PM
    Hi jo,

    You said that the virus keeps coming back.

    Hence make sure that the systems in your network have SEP installed with the latest defs, and also that all the systems have the Microsoft patch installed.


  • 7.  RE: w32downadup.b

    Posted Aug 20, 2009 04:41 PM

    Further information on downadup is available in the .pdf located here: www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed1.pdf 
    This detailed write-up comes from our Security Response Team and can help with understanding how downadup works. It also contains great information on how to respond to downadup infections, as well as response procedures for re-infection.



  • 8.  RE: w32downadup.b

    Posted Aug 21, 2009 05:22 AM
    I think you are missing some Microsoft security patches. Please ensure KB960714 and KB958644 are installed on all PCs present in your network.