|06 May 2009||#1|
Downadup Removal Tool (Conficker Worm)
I thought I'd post this here as I know it's the forum I use most. However, if anyone wants to move it, be my guest.
Romanians find cure for Conficker
Removal tool may spell the end for the notorious Windows worm
BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.
The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting.
Security experts claim the worm is the worst infection to date, second to the SQL slammer worm that devastated the Internet in 2003.
The Romanian security vendor said its removal tool, available here (see link at the bottom of article), will delete all versions of Downadup and will not be detected by the virus.
Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.
“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.
“The worms then produce a fixed number of domain names on a daily basis and check them for updates.
“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files.”
Remove your Downadup infection!
BitDefender Labs has detected a new and more aggressive Downadup version on Saturday, 07.02.2009. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.Gen.
The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most of the anti-virus websites in order to hinder the user from disinfecting his machine.
BitDefender is the first to offer a free tool which disinfects all versions of Downadup and is available for all infected users at: http://bdtools.net This domain is the first to serve a removal tool without being blocked by the e-threat.
The worm itself is not new; it made its first appearance in late November 2008, known under the names Conficker or Kido as well, exploiting the vulnerability described in the Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.
© BitDefender 2009
Just download the zip file (bd_rem_tool.zip), double click on it, choose "Extract all files..." from the File menu, and follow the wizard's instructions. You can use any other archiver, like WinZip. This will create a folder called bd_rem_tool.
Download:
MEGAUPLOAD - The leading online storage and file delivery service