Bila Worm Downadup Win32/Conficker.C didownload dan diaktifkan secara tidak sengaja pada computer. Worm tersebut akan meng-copy dirinya sendiri dengan membuat nama file secara acak di System Windows. Terkadang Worm melepas beberapa file yang dimasukan kedalam directory Program.
Worm Downadup Win32/Conficker.C akan aktif setiap kali computer dihidupkan, karena dapat mendaftarkan dirinya dari daftar program yang harus aktif ketika computer mulai dihidupkan.
Computer terinfeksi Worm Downadup Win32/Conficker.C , secara langsung mengambil beberapa langkah seperti mematikan sistem update antivirus.
Worm akan mematikan service dari Windows :
* wscsvc – Security Center
* WinDefend Windows Defender (Vista)
* wuauserv – Automatic Updates
* BITS – Background Intelligent Transfer Service
* ERSvc – Error Reporting Service
* WerSvc – Windows Error Reporting Service (Vista)
Worm juga mematikan sistem restore point, jika computer anda tidak memiliki sistem restore maka ada kemungkinan computer telah terinfeksi Downadup.
Remove your Downadup infection!
BitDefender Labs has detected a new and more aggressive Downadup version on Saturday, 07.02.2009. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.Gen.
The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most of the anti-virus websites in order to hinder the user to disinfect his machine.
BitDefender is the first to offer a free tool which disinfects all versions of Downadup and is available for all infected users at: http://bdtools.net This domain is the first to serve a removal tool without being blocked by the e-threat.
The worm itself is not new, it made its first appearance late November 2008, known under the names Conficker or Kido as well exploiting the vulnerability described in the Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.
© BitDefender 2009
