 |
Home
Articles
Spyware Research
Support
Scan Now
Purchase
F.A.Q.
Top 25 Spyware: About SpywareGlossary Latest Detections Fake Scanner Sites Google Search Redirects Bestclicksnow.com Bestwebsearch.com Cliccker.cn Clickover.cn Couponmountain.com Lowpriceshopper.com Mycustomsearch.cn Overclick.cn Shopica.com Shopzilla.com trafficposter.com Toseeka.com Update-browser.com Windowsclick.com Zetaclicks4.com Zoombli.com  |
 |
DownadupAlias: Conficker, Kido, Downandup worm, W32/Downadup.AL, Net-Worm.Win32.Kido, Win32/Conficker, Mal/Conficker, W32/Conficker.worm.gen
Description: Downadup is a dangerous worm malware. Downadup worm tricks the user into running it from the infected USB drive plugged in to the computer. It displays modified AutoRun dialog with first option saying "Open folder to view files. Published by Microsoft Windows". If the tricked user runs the application, the worm installs itself on the computer. Once installed Downadup spreads itself across a network, infecting all accessible computers. Also it copies itself with different random names into Windows system folders such as Program Files or Windows\System32 It is known that Downadup morphs its own code to avoid detection by traditional signature-based methods. The worm disables some Windows system services (such as Windows Defender or Windows Automatic Update) and blocks user access to the large number of security-related domains. Downandup worm can download and install additional malware onto infected computer. Threat type: Worm - A Worm is a virus-like software application which spreads itself to other computers. Worms send themselves out to email addresses collected from the infected PC. Worms are known to mutate and they usually carry a destructive payload. Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy. Detection: SpyNoMore detects Downadup: Yes Threat risk: Very High Risk  Extremely dangerous malware. Uses stealth installation, randomly named entries and has the capability to self update or resurrect after incomplete removal. Almost impossible to remove manually. Category mostly consists of trojans and spyware. Symptoms: The following system services are disabled or fail to run: Background Intelligence Transfer, Error Reporting, Windows Defender, Windows Error Reporting, Windows Security Center, Windows Update Auto Update. You cannot connect to various security-related websites. Domain controllers may respond slowly to client requests. Please note, that in some cases you may not experience any symptoms on the infected computer.
Running Process Signatures: File Signatures: N/A Registered Dll (Dynamic Link Library) Signatures: Internet Explorer Integration: Folder Signatures: N/A Registry Signatures: N/A SpyNoMore Collected Residual File Signatures:
| |
| ||||
|
||||
 |
|
 | ||