How to Remove W32.Downadup.B Virus?

The W32.Downadup.B virus was discovered by Symantec on December 30, 2008, and was announced to the public on January 9, 2009. It is now spreading widely all over the world and flooding network connections.

This virus monitors DNS requests to domains containing certain strings and blocks access to those domains, so that it appears the network request timed out. We (my MIS team) discovered the W32.Downadup.B virus from our quarantine logs and found out that it had been introduced to the network by a USB drive, activated by autorun.inf.
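The DNS symptom above is easy to confuse with an ordinary network outage, so a useful first check compares lookups of security-related hosts against neutral control names. The script below is an added example, not part of the original post; the domain lists are assumptions (the post does not name the strings the worm matches), and the resolver can be swapped out for testing.

```python
# Added example, not part of the original post: a quick check for the DNS
# symptom the post describes. Security-related names are compared against
# control names so that "all DNS is down" is not mistaken for "only security
# sites are blocked".
import socket
from typing import Callable, Dict, Iterable

# Assumed lists: the post does not say which strings the worm looks for, so
# these are placeholders of the kind a defender would pick (vendor and
# Windows Update hosts) plus neutral control names.
SECURITY_DOMAINS = ["www.symantec.com", "update.microsoft.com", "www.microsoft.com"]
CONTROL_DOMAINS = ["example.com", "example.org"]


def default_resolver(name: str) -> bool:
    """Return True if the name resolves, False on any resolver error."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def resolve_all(names: Iterable[str], resolver: Callable[[str], bool]) -> Dict[str, bool]:
    return {name: resolver(name) for name in names}


def classify(security: Dict[str, bool], control: Dict[str, bool]) -> str:
    """Turn the two sets of lookups into one verdict."""
    if not any(control.values()):
        return "dns-down"            # nothing resolves: general outage, not this symptom
    if all(security.values()):
        return "clean"               # security hosts resolve like everything else
    if not any(security.values()):
        return "selective-blocking"  # only security hosts fail: matches the symptom
    return "partial-failure"         # mixed results: look at each name individually


def run_check(resolver: Callable[[str], bool] = default_resolver) -> str:
    security = resolve_all(SECURITY_DOMAINS, resolver)
    control = resolve_all(CONTROL_DOMAINS, resolver)
    verdict = classify(security, control)
    for name, ok in {**control, **security}.items():
        print(f"{'ok  ' if ok else 'FAIL'} {name}")
    print("verdict:", verdict)
    return verdict


if __name__ == "__main__":
    run_check()
```

A "selective-blocking" verdict on a machine that otherwise has working DNS is a reason to pull it off the network and run the removal steps below; if lookups hang instead of failing outright, run the script under an external time limit, since `gethostbyname` takes no timeout.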


W32.Downadup.B creates an autorun.inf file on all mapped drives so that the threat automatically executes when the drive is accessed. The threat then monitors for drives that are connected to the compromised computer in order to create an autorun.inf file as soon as the drive becomes accessible.
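Because the worm relies on an autorun.inf that launches a program when a drive is opened, an inspection of the autorun.inf on every drive root is a quick way to find carriers. The code below is an added example, not from the original post or from Symantec; the sample files it contains are constructed, and the drive-letter scan only does anything on Windows.

```python
# Added example, not part of the original post: inspect autorun.inf files on
# drive roots for directives that launch a program when the drive is opened,
# which is the mechanism the post describes for mapped and removable drives.
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Directives that run a program directly, or that replace the "Open" action so
# double-clicking the drive runs the program instead of opening the folder.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return key -> value from the [autorun] section, keys lower-cased.

    Lines that are not key=value pairs are skipped instead of raising, so a
    file padded with junk still yields the directives that matter.
    """
    directives: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
    return directives


def suspicious_directives(directives: Dict[str, str]) -> List[str]:
    """List the directives that would execute something on drive access."""
    findings = []
    for key, value in directives.items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            findings.append(f"{key}={value}")
    return findings


def scan_roots(roots: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Check each drive root for an autorun.inf and report launch directives."""
    report = []
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if not inf.is_file():
            continue
        # Read bytes and decode leniently: the file is not guaranteed to be clean text.
        text = inf.read_bytes().decode("latin-1")
        report.append((root, suspicious_directives(parse_autorun(text))))
    return report


# Constructed samples: one that launches a program (and mimics the normal
# "open folder" menu text), one that only sets a label and icon.
SAMPLE_MALICIOUS = (
    "[autorun]\n"
    "\x00\x01junk that is not a directive\n"
    "open=setup.exe\n"
    "shell\\open\\command=setup.exe\n"
    "action=Open folder to view files\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
)
SAMPLE_BENIGN = "[autorun]\nlabel=Photos\nicon=photos.ico\n"

if __name__ == "__main__":
    import string
    # On Windows, look at every drive letter that exists; elsewhere none match.
    roots = [f"{c}:\\" for c in string.ascii_uppercase if Path(f"{c}:\\").exists()]
    for root, findings in scan_roots(roots):
        print(root, findings or "autorun.inf present, no launch directive")
    print("sample:", suspicious_directives(parse_autorun(SAMPLE_MALICIOUS)))
```

An autorun.inf on a fixed or network drive is unusual in itself; one carrying `open=`, `shellexecute=` or a `shell\...\command=` entry is the pattern to treat as a finding, and the file should be handled from Safe Mode or a clean system rather than by double-clicking the drive.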

You won’t be able to detect it using the command prompt because it runs by using the RPC Handling Remote Code Execution vulnerability. To remove the virus, follow these steps:

1. Download the removal tool from the Symantec website and place it on your desktop.

2. Download the security patch from the Microsoft website (choose the file that supports your OS).

For Windows XP: KB958644

3. Temporarily disable System Restore (Windows Me/XP).

4. Update the virus definitions (if you're using Symantec).

5. Reboot your computer in Safe Mode.

6. Run the FixDownadup.exe you just downloaded and let it scan until it has found the virus.

7. Run the security patch.

8. Reboot your system in normal mode and run a full system scan to make sure no virus is present on your computer.

9. As a preventive measure, we disabled autorun in the registry and disabled USB port access on all workstations.
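The registry part of step 9 is the Explorer policy value NoDriveTypeAutoRun, a bitmask in which a set bit disables AutoRun for one drive type, so 0xFF turns it off for every type. The script below is an added example, not from the original post; it decodes a value, audits the live setting on Windows, and writes 0xFF when run with `--fix` from an administrator account.

```python
# Added example, not part of the original post: audit and set the registry
# policy that the post's last step refers to. NoDriveTypeAutoRun is a bitmask;
# a set bit disables AutoRun for that drive type, so 0xFF disables all of them.
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
DISABLE_ALL = 0xFF

# Bit -> drive type, as interpreted by the Explorer policy.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}


def autorun_enabled_types(value: int):
    """Drive types for which AutoRun is still enabled under this value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def audit(value):
    """Return (ok, message) for a policy value; None means the value is absent."""
    if value is None:
        return False, f"{VALUE_NAME} is not set; the Windows default applies"
    still_on = autorun_enabled_types(value)
    if not still_on:
        return True, f"{VALUE_NAME}=0x{value:02X}: AutoRun disabled for all drive types"
    return False, f"{VALUE_NAME}=0x{value:02X}: AutoRun still enabled for {', '.join(still_on)}"


def read_policy():
    """Read the machine-wide value (Windows only); None if key or value is missing."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, VALUE_NAME)
            return int(value)
    except FileNotFoundError:
        return None


def disable_autorun_everywhere():
    """Set the value to 0xFF machine-wide (requires an administrator account)."""
    import winreg
    with winreg.CreateKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
        winreg.SetValueEx(key, VALUE_NAME, 0, winreg.REG_DWORD, DISABLE_ALL)


if __name__ == "__main__":
    ok, message = audit(read_policy())
    print(message)
    if not ok and "--fix" in sys.argv:
        disable_autorun_everywhere()
        print(audit(read_policy())[1])
```

The same value is what the Group Policy setting "Turn off Autoplay" writes, so on a domain it is simpler to push it centrally than to edit each workstation. On Windows XP the value was only honoured consistently after Microsoft's AutoRun update (described in KB967715), so the patch level matters as much as the registry entry; the USB port restriction from step 9 is a separate control that this script does not cover.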

Below are stats from Symantec regarding this virus.

Threat Assessment

Wild

* Wild Level: Medium

* Number of Infections: 1000+

* Number of Sites: 10+

* Geographical Distribution: Medium

* Threat Containment: Moderate

* Removal: Moderate

Damage

* Damage Level: Medium

* Modifies Files: Modifies the tcpip.sys file.

Distribution

* Distribution Level: Medium

* Shared Drives: Attempts to spread to network shares protected by weak passwords.

* Target of Infection: Spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874)

9 thoughts on “How to Remove W32.Downadup.B Virus?”

    • Hi rhod27, you’ll need an admin account to install the patches and updates.
      Thanks for commenting. If you have any more questions, feel free to email me or comment on this post.