Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Downadup Removal Tool (Conficker Worm)

06 May 2009   #1

Vista X64 ultimate/ 7 X64 Ultimate (7264)
Downadup Removal Tool (Conficker Worm)

I thought i'd post this here as i know it's the forum i use most. However if anyone want to move it, be my guest

Romanians find cure for conficker
Removal tool may spell the end for the notorious Windows worm

BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.

The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting.

Security experts claim the worm is the worst infection to date, second to the SQL slammer worm that devastated the Internet in 2003.

The Romanian security vendor said its removal tool, available here(see link at the bottom of article), will delete all versions of Downadup and will not be detected by the virus.

Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.

“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.

“The worms then produce a fixed number of domain names on a daily basis and check them for updates.

“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files.”

Remove your Downadup infection!

BitDefender Labs has detected a new and more aggressive Downadup version on Saturday, 07.02.2009. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.Gen.

The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most of the anti-virus websites in order to hinder the user to disinfect his machine.

BitDefender is the first to offer a free tool which disinfects all versions of Downadup and is available for all infected users at: This domain is the first to serve a removal tool without being blocked by the e-threat.

The worm itself is not new, it made its first appearance late November 2008, known under the names Conficker or Kido as well exploiting the vulnerability described in the Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.

BitDefender 2009

Installation instructions
Just download the zip file (, double click on it, chose "Extract all files..." from the File menu, and follow the wizard's instructions. You can use any other archiver, like WinZip. This will create a folder called bd_rem_tool.

Inside it, find the program called "bd_rem_tool.exe" (or just "bd_rem_tool") and double click on it. It is very important to extract all the files from the zip archive, and not only bd_rem_tool.exe, because all the other files are needed for the disinfection. Then follow the tool's instructions.

If you have Windows Vista with User Acccess Control enabled, or if you are running as a restricted user in Windows XP, right click the "bd_rem_tool" program and choose "Run as Administrator". You will be prompted to enter credentials for an admin account.

We recommend a system reboot after the disinfection is complete, to restore full internet access.
Code: [Select]
MEGAUPLOAD - The leading online storage and file delivery service

My System SpecsSystem Spec


 Downadup Removal Tool (Conficker Worm)

Thread Tools

Similar help and support threads for2: Downadup Removal Tool (Conficker Worm)
Thread Forum
Conficker Worm news System Security
Problem with Avast or Conficker(or some other worm)? System Security
Microsoft: Old Worm Copies Conficker for New Twist System Security
Conficker worm mostly a bust so far News
Run a Conficker removal tool before April 1 System Security
Conficker worm gets an upgrade System Security
Conficker worm gets an evil twin System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:42 AM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33