Virus Delete Win32DownAdUP

Several clients and friends have been infected with this virus in the past 24 hours. Once inside your network it spreads rapidly.
The virus is a variant of the Conficker virus and exploits a known (and supposedly patched) vulnerability in Microsoft RPC services.
A fully patched PC with updated Virus protection should prevent infection but attempts at reinfection are massive. Normally one computer inside your network is infected and broadcasting the virus to the other computers. Once you clean the infected host your antivirus should be able to clean/protect the rest of your computers.
Here’s all the links you need:

• Virus Bulletin W32.Downadup from Symantec
• Symantec Removal tool for W32.Downadup

More info:

• Vulnerability CVE-2008-4250
• Microsoft Security Bulletin MS08-067 from October 2008
  • Click on the link for you operating system for a link to the patch.

Identify the infected host using Wireshark, use removal tool to clean it, then you should be able to clean the other computers on the network.

Note: We are seeing infections on Windows 7 and Server 2008 and the Microsoft patch doesn’t include those operating systems. Something else may be in play.

Home users make sure you are protected. Get free and effective antivirus from KnowtheNetwork.com/Protect