Generic detections are broad patterns of code or behavior that are used by security software to identify programs or files. If you suspect the detected file was incorrectly identified, go to: Removal: Resolving a False Positive.
For removal tools and instructions, see the Removal section of Worm:W32/Downadup.gen.
Security programs will sometimes unintentionally identify a program or file as harmful if it has code or behavior that resembles known harmful programs. This is known as a False Positive. In most cases, a False Positive is fixed in a subsequent database release. If you suspect the detected file is a False Positive, you can:
Usually, updating your F-Secure security program to use the latest database is enough to resolve the issue. You can check by first updating your F-Secure security program to use the latest detection database updates, then rescanning the file.
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it to F-Secure Labs for re-analysis.
NOTE If the file was moved to quarantine, you will need to first collect the file from quarantine before you can submit it.
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
The .JOB file used by the worm is detected as it is part of the worm's propagation routine. Downadup attempts to spread itself using Windows Scheduled Tasks. The .JOB file defines a scheduled task, which in Downadup's case triggers an execution of the worm library via rundll32.exe. Legitimate tasks are usually located in the following folder:
For more about Downadup variants and activities, see:
Date Created: 2010-06-23 05:20:51.0
Date Last Modified: 2010-07-01 11:04:49.0