Cleaning the WORM_DOWNAD, WORM_DOWNAD.AD and WORM_DOWNAD.KK malware

Problem Description

WORM_DOWNAD disables security applications, tools and security-related websites. It also blocks the Windows Update website in order to prevent patch downloads.

Note: To test if your machine is possibly infected with this malware, check this Conficker Eye Chart.

Solution

Please do the following:

1.	Apply MS08-67 patch.

2.	Perform a manual update to ensure that you have the latest components. Refer to the following solution:
	• Updating the Security Server from the Security Dashboard.
	• Updating the Security Server from the WFBS Standard / Advanced console

	You may check the latest components below:

	•	Latest virus pattern file (lpt$vpn.xxx)
	•	Rootkit Common Module (RCM) 2.2 and above
	•	GeneriClean Technology
	•	Damage Cleanup Template (DCT) 1020 and above
	•	Damage Cleanup Engine (DCE) 6.0.1172
	•	Scan Engine (VSAPI) 8.911 and above



3.	Once all the are updated, perform a scan now from the Security Server.

4.	Restart the computer infected with WORM_DOWNAD. This is required to completely clean the computer.

Note: The Sysclean tool can be used on specific machines that are unabled to clean WORM_DOWNAD. Please contact Trend Micro Technical Support for this package.

Additional Information:
• WORM_DOWNAD
• WORM_DOWNAD.AD
• WORM_DOWNAD.KK
• Customer Information on WORM_DOWNAD.KK: Detection, Cleanup, and Prevention
• How to restore access to Trend Micro and other security sites that have been blocked by malicious software infections

Solution ID	Last Updated
1039145	Date : 2012/02/2 Time: 3:09 AM (PST)

Product/Version	Platform
Client Server Messaging Security for SMB - 3.6; Client Server Security for SMB - 3.6; Worry-Free Business Security Standard/Advanced - 5.1, 6.0	Others - N/A

Rate this Solution
Did this article help you? Yes No	What was the problem with this solution? Required The video did not play properly. The image(s) in the solution article did not display properly. The solution did not provide detailed procedure. The solution is hard to understand and follow. The solution did not resolve my issue. Others. Please specify. Please provide your comments to help us improve this solution. Required

	*This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.

See all Home Products Internet Security Products for 1-10 Computers

PC & Mac Protection

Mobile Devices

Additional Protection

Online Safety @ Home

All Topics

Small BusinessSmaller companies with limited IT resources

See all Small Business Products

EnterpriseLarger companies with complex requirements

See all Enterprise Products

Business Challenges

Try our Consulting and Support Services

More in For Business

Current Threat Activity

Research and Analysis

Awareness and Prevention

More in Security Intelligence

Cloud Security

Our Technology

Our Story

Home & Home Office

Go To:

Popular Products

Business

Go to:

Popular Products

Knowledge Base

Support

Problem Description

Solution


Business Knowledge Base All Support
Advanced Search \| View Search Tips