Anti virus software
Download free anti virus software Anti virus software information Order anti virus software (US$ 29.95)
Protector Plus
Anti virus software for

 Windows
 (XP, 2000, 2003, NT, Me, 98, 95)

 Exchange
 
 NetWare











Download Antivirus software

W32/Downadup.B Worm

Information about the W32/Downadup.B Worm:

W32/Downadup.B is a Worm. The worm will infect Windows systems and spreads through Network, USB devices and Exploitation of the vulnerability that is patched by security update 958644 (MS08-067).

Upon execution the worm copies itself with the random name with .dll extension in the following locations:

Windows System
Programs Files\Internet Explorer
Programs Files\Movie Maker
All Users Application Data
Windows Temp

and with the random name with .tmp extension in the following locations:

Windows System
Windows Temp

The worm disables the following services:

Windows Automatic Update Service (wuauserv)
Background Intelligent Transfer Service (BITS)
Windows Security Center
Windows Defender
Windows Error Reporting
It also drops following files in the removable and mapped drives:

\RECYCLER\
\autorun.inf

 The worm creates a HTTP server on a random port in the infected machine. The worm attempts to block the access to the following security sites which contain the following strings:

virus
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
nai
ca
avp
avg
vet
bit9
sans
cert

The worm modifies registry at the following locations:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

After this, worm attempts to spread on the network. It uses User Name and Password in its pre-configured list to gain write access on the systems in the network.

This worm first appeared on January 19, 2009.

Blueball Other names of W32/Downadup.B Worm:

This Worm is also known as Win32/Conficker, W32/Conficker.worm.gen, Mal/Conficker.


Download the FREE Evaluation copy of Protector Plus antivirus software


About Protector Plus Anti virus Software Packages:

Proland Software is the developer of Protector Plus range of anti virus software packages. Protector Plus anti virus is available for Windows XP, Windows Me/98/95, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

Protector Plus range of anti virus products offer on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware.

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

You can download the 30 day evaluation copy of
Protector Plus anti virus software free of cost for these platforms:

Windows | Exchange | NetWare

Download free anti virus software | Anti virus software information | Order anti virus software

Copyright © 2009 Proland Software. All rights reserved.


Download Antivirus software