troubleshooting Question

Removing WORM_DOWNAD.AD from Windows 2000 Server SP4

Avatar of JerseyGuyIT
JerseyGuyITFlag for United States of America asked on
Anti-Virus AppsVulnerabilitiesMicrosoft Server OS
2 Comments1 Solution1134 ViewsLast Modified:
For the last week I have been trying to get rid of the WORM_DOWNAD.AD off of a Windows Server 2000 with SP4.  I have installed the Microsoft Security Patch (MS06-040: Vulnerability in Server service could allow remote code execution).  Our main anti-virus scan is TrendMicro OfficeScan 7.3  it finds and deletes the files replicated by the worm, however, it ONLY identifies the WORM itself which is giving itself a name of gkdf.dll in the System32/directory  when attempting to see this file it is invisible.  

I have to turn off the local DNS client service in order to go to security sites.  I download Malware Bytes and it finds and deletes the replicated files and does not see the main WORM .dll file.

I am able to reboot into safe mode

I have tried doing the Trend Micro manual thing but it does not work.

Anyone out there with success removing the WORM_DOWNAD.AD virus  specifically from a Windows 2000 Server?  Any direction will be a great help.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 2 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros