jmicorp asked:

Infection W32.downadup.B, others? Network reinfecting itself.

I have a Windows domain with 2 domain controllers and 3 member servers. W32.downadup.b has made its rounds, damaging one of the member servers. It has restricted access to DNS strings (i.e., symantec.com will not resolve in any browser, even browsers installed after the event). Adaware, Spybot, and Symantec AV 1-22-09 find no events. Anyone got any solutions/suggestions to check for modified settings? lmhosts/hosts are empty.
Anti-Virus Apps

Last Comment: 8/22/2022 - Mon


I did figure it out for myself, but I'll give you points for being correct.

Google for "W32.downadup tool" and the first link from Symantec will provide a proper functional tool for 3 variants: ., .A, and .B


My notes provide an extra insight into repair of this annoyance.
