November 16, 2009

How to remove W32.Downadup

W32.Downadup is a worm that can kill antivirus programs and block infected computers from visiting security wesbites. This worm propagates on local and network drives by taking advantage of the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability. W32.Downadup also create its own Service on Windows to run itself each time Windows is started.


* Win32/Conficker.A
* W32/Conficker

Damage Level: High

Systems Affected: Windows
How to remove W32.Downadup

1. Download
the Downadup removal tool and save it on Desktop.

2. Double click on downloaded file, chose “Extract all files…” from the File menu, and follow the wizard’s instructions. You can use any other archiver, like WinZip. This will create a folder called bd_rem_tool.

3. Double click on the file ”bd_rem_tool_gui.exe” (or just “bd_rem_tool_gui”). Make sure that all files have been extracted from the zip archive, because all the contents are required for the removal tool to run. Follow the tool’s instructions.

4. If you have Restricted Acccess (not Admin) on Windows Vista and XP, right click the “bd_rem_tool_gui” program and choose “Run as Administrator”. Enter the computer Administrator Username and Password when prompted.

5. Reboot your computer when scanning is finished.

No comments: