W32.Downadup.B --W32.Linkfars --W32.Downadup.B
Updated: 21 May 2010 | 10 comments
Dear,
I found W32.Downadup.B --W32.Linkfars --W32.Downadup.B virus, but I dont understand why Symantec Endpoint Protection 11v doesnt delete it.
When I generate the report from Manager it given me a list of client PCs where those virus exists. I double checked on google and I found that there are some removal tools available to remove it. How its possible to go each PCs and use that removal tools.
As there any short way to use Manager to remove those virus from client PCs.
Client Pcs are using XP sp2.
Many Thanks in advance.
Discussion Filed Under:
Comments
Update your O.S.
Hi,
you wrote you still have Windows XP SP2, very bad, you are not protected against a lot of viruses. Install the SP3 and all possible further Microsoft patches. The same for the rest of your O.S.'s, all of them.
Regards,
Regards,
Giuseppe
Yes, with using SP3, I am
Yes, with using SP3, I am getting alot of errors, with IE and other different errors that is sure its from Microsoft.
By the way, when removal tools is comming for specific virus, why not Symantec endpoint protection itself doesnt delete it ?
Dear Sir, Symantec detects
Dear Sir,
Symantec detects and cleans billions of malwares but thousands of new malwares are release every day to exploit O.S. defects. We try to catch and detect most of new malware but you can understand that for any AV company it is not possible to catch and detect all of them. If you don't fix the defects of you O.S. you will be always under the attacks of new malware and Symantec (and any other security company) cannot replace the lack of Microsoft patches in your system.
To be more clear, try to think in this way: you have an burglar alarm in your house that is able to recognize and stop almost all known malicious people and some common malicious activities. Every time a new criminal is recognized by the police, his face is added in the database of your alarm but a lot of suspiscious guys are around your house. Would you leave open the door of your house just because you have this system of alarm? I don't think so. Unfortunately every defect not patched in your systems is like an open door. You should put your best effort to close these doors.
Regards,
Regards,
Giuseppe
I had that same experience
I had that same experience too... SEP can detect and delete some of those downadups and others can be quarantined, but to complete the system protection you must upgrade your sp2 to sp3 so that downadup can never infiltrate again your system... but ofcourse you must also consider also some applications which might affect your upgradring to SP3.
Hi, I have to clarify that
Hi,
I have to clarify that the SP3 does not fix the bug exploited by Downadup. It is important to apply the rest of Microsoft patches.
I am aware that some patches create some issues with some applications but the other applications must be maintened and upgraded to work with a patched O.S.
Symantec puts a big effort in helping its customers but cannot remediate 3rd part products' defects.
Regards,
Regards,
Giuseppe
I agree
I agree to Guiseppe..Symantec is doing its best detecting it..but if you are not patching your system..The infection goes deep into your system..making it difficult for the AV engine to delete it..
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Have you tried the full scan
Have you tried the full scan in safe mode on the clients computer yet? I also agree with both Vikram and Giuseppe about updating to Windows XP sp3. I don't think anyone has asked yet, what version of SEP are you running and is it fully updated? If not, then that should be priority 1 followed right behind by updating windows xp. You also made it sound like you are not able to get physical access to these machine yourself is that correct?
Grant-
Please don't forget to mark your thread solved with whatever answer helped you : )
same problem
the patch from microsoft that this virus exploits was applied. symantec detected it but didn't stop it. that's helpful. it might as well not even detect it. good work symantec.
The Microsoft's vulnerability
The Microsoft's vulnerability exploited by Downadup is not the only vector used by this worm. A lot of useful discussions about Downadup are in this forum and all around. You can also call our Support to obtain further suggestions and clean your environment.
Regards,
Regards,
Giuseppe
You might want to check the
You might want to check the solution at this forum
https://www-secure.symantec.com/connect/forums/w32downadup
" Please read this document from Symantec about Downadup
http://www.symantec.com/security_response/writeup....
Make sure your systems have the latest windows updates especially the Microsoft Security Update for Windows XP (KB958644)
You can also download the removal tool which is stated on the KB (Downadup Removal Tool)
Scan your computer on safe mode and make sure you have the latest virus definition updates."
from Paul Mapacpac
Would you like to reply?
Login or Register to post your comment.