Added Date: 2008-11-01 | Editor: Jack | About: Worm, W32.Downadup
W32.Downadup
Aliases: W32/Downadup.A [F-Secure], Conficker.A [Panda Software]
Type: Worm
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000, Windows Server 2003, Windows Vista
Overview: W32.Downadup spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.
Symptoms of W32.Downadup:
1. Once launched, the worm copies itself to the following location:
%System%\[RANDOM FILE NAME].dll
2. It automatically registers itself in the system registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PathToWorm]"
3. The worm connects to the following URLs to obtain the IP address of the compromised computer:
http://www.getmyip.org
http://getmyip.co.uk
http://checkip.dyndns.org
Related trojans: Rontokbro, Wotron, Wozer, Xema
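A defensive check built on the three IP-lookup URLs listed in symptom 3, as an added example that is not part of the original write-up: it scans web proxy log lines and flags clients that requested at least two of the listed hosts. The log format, the sample lines and the two-host threshold are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# IP-lookup hosts taken from the URLs listed on this page.
LOOKUP_HOSTS = {"www.getmyip.org", "getmyip.co.uk", "checkip.dyndns.org"}

# Constructed sample proxy log (assumed format):
#   <ISO timestamp> <client IP> <method> <URL>
SAMPLE_LOG = """\
2008-11-01T09:14:02 10.0.0.21 GET http://www.getmyip.org/
2008-11-01T09:14:03 10.0.0.21 GET http://getmyip.co.uk/
2008-11-01T09:14:05 10.0.0.21 GET http://checkip.dyndns.org/
2008-11-01T09:20:41 10.0.0.34 GET http://checkip.dyndns.org/
2008-11-01T09:21:10 10.0.0.34 GET http://example.com/index.html
2008-11-01T09:30:00 10.0.0.55 GET http://www.GetMyIP.org:80/
malformed line
"""


def lookup_hits(log_text):
    """Return {client IP: set of listed lookup hosts that client requested}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, _, url = parts
        # urlsplit().hostname lower-cases the host and drops any port.
        host = urlsplit(url).hostname or ""
        if host in LOOKUP_HOSTS:
            hits[client].add(host)
    return dict(hits)


def suspects(log_text, min_hosts=2):
    """Clients that contacted at least min_hosts distinct lookup hosts.

    The default of 2 is an assumption: a single request to one of these
    services is common for benign software, several distinct ones is less so.
    """
    hits = lookup_hits(log_text)
    return sorted(c for c, hosts in hits.items() if len(hosts) >= min_hosts)


if __name__ == "__main__":
    for client in suspects(SAMPLE_LOG):
        print("review host:", client)
```

A flagged client is a lead for follow-up on the host itself: the `ServiceDll` registry value and the `%System%` DLL described in symptoms 1 and 2.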
Remove W32.Downadup:
Visit the Microsoft website to fix the problem:
http://support.microsoft.com/kb/958644/en-us
You can also use antivirus software with the latest updates to remove the worm quickly:
Norton Internet Security 2009