| Thread ID: 95271 | 2008-11-30 23:42:00 | W32.Downadup - best way to remove? | nofam (9009) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 724461 | 2008-11-30 23:42:00 | Hi guys, Just had a call from one of the sites I manage - they have 20 or so machines that have been hit with the W32.Downadup worm. Have you guys come across this yet? Just wondering if Malwarebytes etc. will remove this. The machines are 'protected' (:lol:) with Symantec Antivirus Corporate Edition, so using another AV app is really an option if that doesn't work. |
nofam (9009) | ||
| 724462 | 2008-11-30 23:49:00 | It's a worm. Info here about it (www.symantec.com). As it says, disable System Restore. Then: 4. To delete the value from the registry. Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry. 1. Click Start > Run. 2. Type regedit 3. Click OK. Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal. 4. Navigate to and delete the following registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PATH OF WORM EXECUTABLE]" 5. Exit the Registry Editor. It's probably because they didn't install this update (www.microsoft.com). That's what they get for not keeping it up to date. More info here (news.cnet.com) |
Speedy Gonzales (78) | ||