Intel,Altiris Group

You will need to make sure that the microsoft patch is applied on all your machines in the network,
And also all the machines have the Antivirus running with latest defs.
If its getting detected on the other machine that means that machine is clean but some other machine is trying to infect & auto protect is blocking it.

Its actually a W32.Downadup.B Virus which pop up then and there. I tried from this website http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99. But no solution was to be found.
OS Name : Microsoft Windows XP Professional
Version : 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer : Microsoft Corporation
System Manufacturer : System manufacturer
System Model System Product Name
System Type X86-based PC
Processor x86 Family 15 Model 6 Stepping 4 GenuineIntel ~3400 Mhz
Processor x86 Family 15 Model 6 Stepping 4 GenuineIntel ~3400 Mhz
BIOS Version/Date American Megatrends Inc. 0401, 7/7/2006
SMBIOS Version 2.4
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
Total Physical Memory 512.00 MB
Available Physical Memory 85.39 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.20 GB
Page File C:\pagefile.sys

The Auto-protect results shows that w32.downadup.B is partially cleaned file name pezbney.fgh
Is there any other tool from any website that I can download to clear this virus permanently.

Virus alert about the Win32/Conficker.B worm
http://support.microsoft.com/kb/962007

Run the Malicious Software Removal tool

The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT). This is a stand-alone binary that is useful in the removal of prevalent malicious software, and it can help remove the Win32/Conficker malware family.

You can download the MSRT from either of the following Microsoft Web sites:
http://www.update.microsoft.com
(http://www.update.microsoft.com)
http://support.microsoft.com/kb/890830

Run NSS
Restart the computer in safe mode with networking and run NSS

ftp://ftp.symantec.com/misc/tools/nss/NortonSecurityScan.exe

w32.Downadup.B Virus is a worm even if you have 1 computer enfected with it. That computer will attack 1000 computer in you network.. If are seeing the autoprotect stating about the virus then it could be that some other machine is infected & trying to attck this one.

I would suggest that you follow these step.

Make sure that Microsoft security patch KB958644 is installed on all the machines.
Install the latest rapid release signatures on all the machines.
Disable Autoplay from all the machines for all the drives
Run full scan on all the machine..

I agreed with "HappytoHelp", as in my case it took 2 weeks for only 50 computers to remove it completely.

After running Scan it shows again and again.

Important in case of Downadup is to make sure AutoPlay is Disabled and other steps will be same as Happytohelp has mentioned.

Hi everyone,

I've been solving virus infection problems since a long time, and W32.Downadup has a complete chapter. I've added a new article called (How to beat W32.Dowandup infections - Outbreak Scenario)

https://www-secure.symantec.com/connect/articles/how-beat-w32downadup-infections-outbreak-scenario

If you have any comments/issues you are welcome to speak

 

1.  Download and run WindowsServer2003-KB958644-x86-ENU.exe in Micorosft website. This is the patch for downadup.
2. Download and run Software Malicious Software Removal
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
3. Delete all AT*.job in the task scheduler.
4. Since this is a server, some clients of your server is still infected by Downadup. Try to clean the clients connected.
5. Be sure that SEP is updated since SEP can delete the said risks.
6. Are you inserting any removal drives? Maybe the threats come from the removal drives. Clean it.

I hope it helps.