Solved

W32.Downadup.B Virus

Posted on 2010-09-08
15
787 Views
Last Modified: 2013-12-09
Hello Experts Exchange,

I know you prolly have seen this virus elsewhere, but I tried all given methods here at my workplace and none of them seem to work..

The following has been done:

Scan with malwarebytes.org (Found none)
Scan with avast boot scan (Found none)
Disconnect before scanning while scanning
Used Symantec patch method
Used Windows patch method after system update..
Fsecure method

Has anyone have any other tools to get rid of this

Regards,
Mark
0
Comment
Question by:camad3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 2
  • 2
  • +3
15 Comments
 
LVL 13

Expert Comment

by:NarendraG
ID: 33634119
0
 

Author Comment

by:camad3
ID: 33634140
Will try it..

Anymore takers on solutions?

THanks
0
 
LVL 20

Expert Comment

by:wolfcamel
ID: 33634240
have you tried all of the above in safe mode?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 22

Expert Comment

by:optoma
ID: 33634264
How many machines affected?
Try these on all
Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro
0
 

Author Comment

by:camad3
ID: 33634310
Yes tried all albove in safe mode @wolf camel

Optoma: 10 so far we have 150+ users
0
 
LVL 22

Expert Comment

by:optoma
ID: 33634930
Also have a look at this so
http://support.microsoft.com/kb/962007
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33641123
Hi,

This is one of the variant of famous conflicker worm which is network aware worm and take advantage of weak password of network share to propagate itself. Here are more details of the worm.

http://www.threatexpert.com/report.aspx?md5=9c46856775293f06d24ea56a6890e74f
http://www.threatexpert.com/report.aspx?md5=cb62878451b7269e072c99d5064190c5
http://www.threatexpert.com/report.aspx?md5=bd32a20b242fc818477050440fee40f6

One should have good password policy and strong password on network share as well.

Sudeep
0
 

Author Comment

by:camad3
ID: 33642573
Tried the top 4.. None of it works
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 500 total points
ID: 33644513
check this link
https://secure.sophos.com/products/free-tools/conficker-removal-tool/download
its a standalone version, many good tools exist now.  i would check also the link to the Conficker Work group is http://www.confickerworkinggroup.org/wiki/
keep in mind to use frequently  Bootable antivirus Rescue CD
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
Boot-able anti virus Rescue CD method consider as the most effective way to remove the virus, trojan and malware because it track down some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way. Mostly virus is also loaded and cannot be detected or removed by antivirus software  running in that system. In such a case, booting antivirus rescue CD under clean environment can increase chances to track down virus easily which there no interfere from any windows OS services.
0
 

Author Comment

by:camad3
ID: 33658665
Will try your method, madunix.
0
 

Author Comment

by:camad3
ID: 33659309
@Madunix

Tried creating a rescue cd via kaspersky but each time it is loaded the beeping noise persist. But when we tried booting another cd it goes in very well..

It cannot be our mother board, neither the optical drive because it loaded successfully when using another boot cd..

Can it be the virus knows of this rescue disk?

0
 
LVL 25

Expert Comment

by:madunix
ID: 33659330
try avira http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html
and let me know if you still have the same issue.
0
 

Author Comment

by:camad3
ID: 33659611
Okay will try.. the odd thing is that.. It only beeps when its a newly installed system or un infected OS.. I
0
 

Author Comment

by:camad3
ID: 33659624
I mean.. when it is a infected system..
0
 

Accepted Solution

by:
camad3 earned 0 total points
ID: 33678358
Nothing is working so far.. Asides do i do a reformat? I read in an article that it spreads rapidly at 100x an hour rate.. and it switches name from each time its deleted
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question