Downadup makes use of random extension names in order to avoid detection. During disinfection, Scanning Options should be set to:
For more general information on disinfection, please see Removal Instructions.
Some variants of the Downadup worm attempt to block execution of F-Secure malware removal tools. If the downloaded tool does not work, please rename the file. Example: from "f-downadup.exe" to "file.exe" or "explorer.exe". Then try running the tool again.
Specific tool with heuristics for Downadup worm variants:
This is a command line tool. Please read the text file included in the ZIP for additional details.
Knowledge Base Article 962007 provides numerous details for manual disinfection of Conficker.B (alias Downadup):
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
For technical details of Downadup's installation and propagation mechanisms, see the following descriptions:
Downadup uses a variety of methods and vectors to spread itself:
Certain Downadup variants have additional rooutines:
Date Created: 2009-01-09 11:53:48.0
Date Last Modified: 2010-09-29 09:40:20.0