How to clean the WORM_DOWNAD, WORM_DOWNAD.AD and WORM_DOWNAD.KK malware

How to clean the WORM_DOWNAD, WORM_DOWNAD.AD and WORM_DOWNAD.KK malware - For Small and Medium Businesses

Solution ID:	EN-1039145
Product:	Client Server Security for SMB - 3.6; Worry-Free Business Security Advanced - 5.0, 5.1; Worry-Free Business Security Standard - 5.1; Client Server Messaging Security for SMB - 3.6
Operating System:	Others
Published:	9/23/2009 1:53 AM

Problem:


WORM_DOWNAD disables security applications, tools and security-related websites. It also blocks the Windows Update website in order to prevent patch downloads.

Note: To test if your machine is possibly infected with this malware, check this Conficker Eye Chart.

Solution:

Public

Please do the following:

1.	Apply MS08-67 patch.

2.	Perform a manual update to ensure that you have the latest components. Refer to the following solution: Updating the Security Server from the Security Dashboard.

	You may check the latest components below:

	•	Latest virus pattern file (lpt$vpn.xxx)
	•	Rootkit Common Module (RCM) 2.2 and above
	•	GeneriClean Technology
	•	Damage Cleanup Template (DCT) 1020 and above
	•	Damage Cleanup Engine (DCE) 6.0.1172
	•	Scan Engine (VSAPI) 8.911



3.	Once all the are updated, perform a scan now from the Security Server.

4.	Restart the computer infected with WORM_DOWNAD. This is required to completely clean the computer.

Note: The Sysclean tool can be used on specific machines that are unabled to clean WORM_DOWNAD. Please contact Trend Micro Technical Support for this package.

Additional Information:
• WORM_DOWNAD
• WORM_DOWNAD.AD
• WORM_DOWNAD.KK
• Customer Information on WORM_DOWNAD.KK: Detection, Cleanup, and Prevention
• How to restore access to Trend Micro and other security sites that have been blocked by malicious software infections

Rate this Solution
Did this article help you?	Comments:
Yes No

	This form uses an automated system and does not provide feedback.