For the last week I have been trying to get rid of WORM_DOWNAD.AD on a Windows Server 2000 with SP4. I have installed the Microsoft Security Patch (MS06-040: Vulnerability in Server service could allow remote code execution). Our main anti-virus scan is Trend Micro OfficeScan 7.3. It finds and deletes the files replicated by the worm; however, it ONLY identifies the WORM itself, which is giving itself a name of gkdf.dll in the System32 directory. When attempting to see this file, it is invisible.
I have to turn off the local DNS client service in order to go to security sites. I downloaded Malwarebytes, and it finds and deletes the replicated files and does not see the main WORM .dll file.
I am able to reboot into safe mode.
I have tried doing the Trend Micro manual thing but it does not work.
Anyone out there with success removing the WORM_DOWNAD.AD virus specifically from a Windows 2000 Server? Any direction will be a great help.