Endpoint Protection

  • 1.  W32.Downadup.B

    Posted Mar 30, 2011 02:58 AM

    In a network of 300 clients or more, there is an outbreak of the W32.Downadup.B virus/worm.

    How do I go about fighting/removing this animal?



  • 2.  RE: W32.Downadup.B

    Broadcom Employee
    Posted Mar 30, 2011 03:19 AM

    Downadup (Conficker) is quite an old virus. If all machines are patched and updated with the newest virus definitions you should be safe. However, there are a few things to be verified. This is well described in the following document:

    Simple steps to protect yourself from the Conficker Worm
    http://www.symantec.com/business/support/index?page=content&id=TECH93179



  • 3.  RE: W32.Downadup.B

    Posted Mar 30, 2011 04:17 AM

    Removing Downadup is as simple as 1. Update virus definitions. 2. Run a full scan.

    Here's a link to the virus and it contains the link to a removal tool.

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=3



  • 4.  RE: W32.Downadup.B

    Posted Mar 30, 2011 04:32 AM

    1. Update your Symantec virus definitions and run a full scan, or run the Software Malicious Removal Tool by Microsoft. (http://www.microsoft.com/downloads/en/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en)

    2. Use automatic patching such as Microsoft WSUS/SCCM in deploying patches. The patch for Downadup is KB958644.

     

    For Manual Patching:

    1. Run the KB to patch your computer. Please see attachment.

     

    Microsoft Article For Conficker

    http://www.microsoft.com/security/pc-security/conficker.aspx

    Attachment(s)

    zip
    Conficker Patch.zip   2.23 MB 1 version


  • 5.  RE: W32.Downadup.B

    Posted Mar 30, 2011 05:44 AM


  • 6.  RE: W32.Downadup.B
    Best Answer

    Trusted Advisor
    Posted Mar 30, 2011 07:06 AM

    Hello,

    Work on the Plan of Action as given below for a 100% result.

    Plan of Action:

    1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus definitions and

    2) Install MS08-67 patch download [KB 958644] on ALL computer.

    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

    3) Install ALL Latest Microsoft Security Patches / Service Packs on ALL machines

    4) Disable Auto play with GPO

    http://support.microsoft.com/kb/953252

    5) Disable Scheduled Tasks with GPO

    http://support.microsoft.com/kb/310208

    6) Enable Security Auditing with GPO

    http://support.microsoft.com/kb/300549

    7) Scan ALL the machines...

    NOTE: *ALL means ALL client machines and server machines (make sure you don't miss any machine)

    In addition to this, please check the articles provided below and work on the same.

    1) Best Practice for Downadup.B and Additional information on the same.

    https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

    2) Simple steps to protect yourself from the Conficker Worm

    http://service1.symantec.com/support/ent-security.nsf/docid/2009033012483648
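
An added example, not part of any post in this thread: a PowerShell audit of steps 2 and 4 of the plan of action above (KB958644 installed, AutoPlay disabled) across a list of hosts. It assumes remote WMI and Remote Registry access from an admin workstation and checks only the machine-wide `NoDriveTypeAutoRun` policy value under HKLM; the function name, output columns and CSV file name are illustrative.

```powershell
# Added example: audit hosts for the MS08-067 patch and the AutoPlay policy.
$HotfixId     = 'KB958644'   # patch ID named in the thread
$PolicyKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AutoRunValue = 'NoDriveTypeAutoRun'   # 0xFF = AutoRun off for all drive types

function Test-DownadupHardening {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        $row = New-Object PSObject -Property @{
            Computer = $computer; Patched = $null; AutoRunDisabled = $null; Note = ''
        }
        try {
            # List all installed updates, then filter, so that "host unreachable"
            # (exception, Patched stays $null) differs from "KB not listed" ($false).
            $fixes = Get-HotFix -ComputerName $computer -ErrorAction Stop
            $row.Patched = [bool]($fixes | Where-Object { $_.HotFixID -eq $HotfixId })
        } catch {
            $row.Note = "hotfix query failed: $($_.Exception.Message)"
        }
        try {
            # Read the machine-wide policy value through the Remote Registry service.
            $hklm  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $key   = $hklm.OpenSubKey($PolicyKey)
            $value = if ($key) { $key.GetValue($AutoRunValue) } else { $null }
            $row.AutoRunDisabled = ($value -eq 0xFF)
            $hklm.Close()
        } catch {
            $row.Note += " registry query failed: $($_.Exception.Message)"
        }
        $row
    }
}

# Defaults to the local machine so the script runs as-is; replace with your
# own host list (for example, names read from a text file).
$targets = @($env:COMPUTERNAME)

# Keep only hosts with a gap or a failed query and write them to a CSV.
Test-DownadupHardening -ComputerName $targets |
    Where-Object { $_.Patched -ne $true -or $_.AutoRunDisabled -ne $true } |
    Select-Object Computer, Patched, AutoRunDisabled, Note |
    Export-Csv -Path '.\downadup-gaps.csv' -NoTypeInformation
```

A `Patched` value of `False` only means the KB is not in that host's installed-update list, and an empty value means the host could not be queried, so confirm those machines by hand before treating the result as final.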



  • 7.  RE: W32.Downadup.B

    Broadcom Employee
    Posted Mar 30, 2011 07:52 AM

    Hi,

    Go through the following link:

    http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

    Information regarding downadup locking itself out.

    http://www.symantec.com/connect/blogs/downadup-locking-itself-out



  • 8.  RE: W32.Downadup.B

    Posted Mar 31, 2011 12:05 PM

    This is the best way to remove Conficker. Believe me, when I had it I tried them all.

    http://support.microsoft.com/kb/891716