How to clean the WORM_DOWNAD, WORM_DOWNAD.AD and WORM_DOWNAD.KK malware - For Small and Medium Businesses
 

Solution ID:

EN-1039145

Product:

Client Server Security for SMB - 3.6; Worry-Free Business Security Advanced - 5.0, 5.1; Worry-Free Business Security Standard - 5.1; Client Server Messaging Security for SMB - 3.6
Operating System:
Others

Published:

9/23/2009 1:53 AM 
 

Problem:

WORM_DOWNAD disables security applications, tools and security-related websites. It also blocks the Windows Update website in order to prevent patch downloads.

 
Note: To test if your machine is possibly infected with this malware, check this Conficker Eye Chart.

 

Solution:

Public

 

Please do the following:

 

1.

Apply MS08-67 patch.

 

 

2.

Perform a manual update to ensure that you have the latest components. Refer to the following solution: Updating the Security Server from the Security Dashboard.

   
You may check the latest components below: 

 

Latest virus pattern file (lpt$vpn.xxx)

 

Rootkit Common Module (RCM) 2.2 and above

 

GeneriClean Technology

 

Damage Cleanup Template (DCT) 1020 and above

 

Damage Cleanup Engine (DCE) 6.0.1172

Scan Engine (VSAPI) 8.911

 

 

3.

Once all the are updated, perform a scan now from the Security Server.

4.

Restart the computer infected with WORM_DOWNAD. This is required to completely clean the computer.

   

 Note: The Sysclean tool can be used on specific machines that are unabled to clean WORM_DOWNAD. Please contact Trend Micro Technical Support for this package.

 

Additional Information:

•    WORM_DOWNAD

•    WORM_DOWNAD.AD

•    WORM_DOWNAD.KK
•    Customer Information on WORM_DOWNAD.KK: Detection, Cleanup, and Prevention
•    How to restore access to Trend Micro and other security sites that have been blocked by malicious software infections

Rate this Solution
Did this article help you?           Comments:
 Yes     No
         
           
            This form uses an automated system and does not provide feedback.