Removing Downadup and Repairing
I've been able to recover several PCs using a few simple tools, but they may take time to run. Do not be fooled if your anti-virus software declares your system 'clean.' We constantly update this page with the latest fixes - please contact us with yours!
Latest Fix - 3/30/2009
BitDefender has released a free tool that removes all forms of Downadup/Conficker: Download Now! There are both individual and network removal tools available.
Simply removing Downadup from your PC does not *fix* it - so please continue this checklist once the virus is removed!!! Once the virus is removed, consider installing our recommended PC security software: Bitdefender Total Security 2010.
Use OpenDNS To Stop Badware From Calling Home
OpenDNS is a free service that now fights Downadup / Conficker. We've used OpenDNS for years to block malware, porn, and other sites at our home computers. OpenDNS provides free security and infrastructure services for integrated Web content filtering, anti-phishing and DNS. It's relatively simple to switch your home or business network to OpenDNS.
Scan for Remaining Infected Files and Drives
While the BitDefender removal tool works well, for long-term support we've switched to BitDefender Internet Security 2010, which provides maximum security and protection without slowing down your PC!
Your Windows Registry is still messed up at this point - your computer is not fixed! Make sure to continue on. Restart Windows in normal mode.
Fix Windows Registry Issues
This and many other viruses modify your Windows Registry. Most users already have Registry problems. The Windows registry is a directory which stores settings and options for your operating system, hardware, software, and user settings. First, try using the free scan from RegDefense to check your registry.
Try to enable Windows Updates at this point. If it still fails, get Microsoft Live™ OneCare™, available at Amazon.
The Microsoft Live™ OneCare™ is the product Microsoft should have created years ago. It is fantastic - cleaning up trojans and viruses that other tools may have missed and handling hard drive issues. I have also been using it as a firewall in XP. I did have to run it twice, but at around $30 per year it's a great bargain.
It's important to get Windows fully-patched. As pointed out by Bojan Zdrnja at the SANS Institute Internet Storm Center:
The second interesting thing is related to the MS08-067 [Microsoft] vulnerability. As you probably know by now, Conficker [Downadup] exploits this vulnerability in order to infect new machines. However, it does a very interesting thing once a machine gets infected. On infected machines Conficker will actually patch this vulnerability in memory! This is probably done to prevent other attackers from exploiting the same vulnerability (it will not get double-infected because Conficker uses a global mutex to stop other worms from running).
This fact is especially important when cleaning machines – if you just remove the Conficker worm your machine will become vulnerable again unless you patched it. The machine might even get infected after you remove the worm and while you're patching it so make sure that you patch it before.
Disable AutoRun and Autoplay
AutoRun is a default feature of Windows and enables media and devices to launch programs using commands listed in "autorun.inf", stored in the medium's root directory. AutoPlay was introduced in Windows XP. This function searches media and launches the appropriate application to play or display the content. If available, settings in an autorun.inf file can add to the options presented to the user. Malware creators love AutoRun and AutoPlay because they are difficult to disable and easy to exploit.
Thanks to Nick Brown we have an easy way for all Windows XP and Vista users to disable AutoRun and AutoPlay via a minor Windows Registry change. You should also use secure USB Flash Drives whenever possible. Complete manual instructions are on his blog. Here is a simple download based on his work that you can unzip and run to apply the fix.
- Download this free zip file: DisableAuto 0.2 (Softpedia)
- Unzip the file. It contains a
- Double-click on the Reg file to modify the Registry
- Reboot Windows. AutoPlay and AutoRun should now be disabled. However, you can still access and run all your media manually.
Testing Your Defenses
Want to make sure AutoRun and AutoPlay are disabled? ComputerWorld's Michael Horowitz has published a very simple test you can perform using your USB drive to make sure your AutoRun and AutoPlay functions are disabled.
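To see what a given drive would ask Windows to do, here is an added example (not from the original page or the tools it links to): a small Python parser that lists the entries in a root-level autorun.inf that launch a program or label the AutoPlay prompt, while ignoring padding lines. The function names and the sample file contents are constructed for illustration.

```python
import os
import re

# Keys in [autorun] that launch a program or label the AutoPlay prompt entry.
REPORT_KEYS = {"open", "shellexecute", "action"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command

def launch_entries(data: bytes):
    """Return (key, value) pairs from the [autorun] section of raw autorun.inf bytes."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")  # cannot fail; binary padding becomes junk lines
    section, found = None, []
    for raw in text.replace("\r", "\n").split("\n"):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # padding, or a section that launches nothing
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in REPORT_KEYS or SHELL_COMMAND.match(key.lower()):
            found.append((key.lower(), value))
    return found

def scan_root(root):
    """Inspect one drive or mount root; [] means no autorun.inf or nothing launchable."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return launch_entries(fh.read())
    return []

# Constructed sample (not from a real drive): padding lines around a few real keys.
SAMPLE = (b"\x8f\x03 padding line\r\n[AutoRun]\r\n; comment\r\n"
          b"Action=Open folder to view files\r\nIcon=shell32.dll,4\r\n"
          b"shellExecute = tool.exe /start\r\nx\x01\x02 more padding\r\n"
          b"shell\\Open\\Command=tool.exe\r\n[Content]\r\nopen=ignored.exe\r\n")

if __name__ == "__main__":
    for key, value in launch_entries(SAMPLE):
        print(f"{key:22} {value}")
```

Point `scan_root` at the root of a USB drive before opening it; an empty list means the drive carries no autorun.inf entries of these kinds.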
Get trusted help
It doesn't hurt to ask for help. support.com provides online remote access to trained PC experts who can help. They support both home users and small business owners.