W32.Downadup.B removal


1. Update with MS patches and restart.
2. Update with the latest virus definitions.
3. Use the Downadup cleaning tool.
4. Disable scheduled tasks and AutoRun.

Please find the Downadup removal tool as follows:
With the introduction of Downadup and SAV 10:
1. Ensure Autorun is disabled
2. Ensure patches MS08-067, MS08-068, MS09-001 and MS09-002 are installed on machines.
3. Disable Task Scheduler service (
4. Make sure no vulnerable SAV version is in the network.
5. Run Downadup fixtool as above.

We need an account with ADMINISTRATOR privileges.

1) Disable autorun
Reference: Microsoft KB
How to correct "disable Autorun registry key" enforcement in Windows

Disable AutoRun in Microsoft Windows
To effectively disable AutoRun in Microsoft Windows, import the following registry value:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
To import this value, perform the following steps:
1-1) Copy the text
1-2) Paste the text into Windows Notepad
1-3) Save the file as "autorun.reg"
Note: In certain circumstances, Notepad may automatically add a .txt extension to saved files.
1-4) To ensure that the file is saved with the proper extension, select All Files in the "Save as type:" section of the "Save As" dialog.
1-5) Navigate to the file location
1-6) Double-click the file to import it into the Windows registry
Microsoft Windows can also cache the AutoRun information from mounted devices in the MountPoints2 registry key.
We recommend restarting Windows after making the registry change so that any cached mount points are reinitialized in a way that ignores the Autorun.inf file.
Alternatively, the following registry key may be deleted:
Once these changes have been made, all of the AutoRun code execution scenarios described above will be mitigated because Windows will no longer parse Autorun.inf files to determine which actions to take.
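A read-only check that the AutoRun and Task Scheduler steps above actually took effect on a machine. This is an added example, not part of the original procedure or any vendor tool. It assumes the imported (Default) value is "@SYS:DoesNotExist" (the value from the US-CERT/Microsoft guidance, which this page does not show), that the MountPoints2 cache is at the per-user path below, and that it runs in Windows PowerShell; the function names are hypothetical.

```powershell
# Added example: read-only audit of the AutoRun and Task Scheduler hardening steps.
# Assumption: the imported (Default) value is "@SYS:DoesNotExist"; the page omits it.
$mapKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$expected = '@SYS:DoesNotExist'
# Assumption: per-user location of the MountPoints2 key the page mentions.
# Only the current user's hive is inspected; repeat per logged-on user.
$mountKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function New-Result($check, $ok, $detail) {
    New-Object PSObject -Property @{ Check = $check; Ok = $ok; Detail = $detail }
}

function Test-AutorunMapping {
    if (-not (Test-Path -LiteralPath $mapKey)) {
        return New-Result 'Autorun.inf mapping' $false 'key not present'
    }
    # GetValue('') reads the key's (Default) value.
    $value = (Get-Item -LiteralPath $mapKey).GetValue('')
    New-Result 'Autorun.inf mapping' ($value -eq $expected) "default value: '$value'"
}

function Test-MountPointCache {
    if (-not (Test-Path -LiteralPath $mountKey)) {
        return New-Result 'MountPoints2 cache' $true 'key not present'
    }
    # A cached AutoRun handler appears as <mount point>\Shell\AutoRun.
    $cached = @(Get-ChildItem -LiteralPath $mountKey | Where-Object {
        Test-Path -LiteralPath (Join-Path $_.PSPath 'Shell\AutoRun')
    })
    New-Result 'MountPoints2 cache' ($cached.Count -eq 0) "$($cached.Count) cached AutoRun entries"
}

function Test-TaskScheduler {
    # 'Schedule' is the service name of the Task Scheduler service.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Schedule'"
    if (-not $svc) { return New-Result 'Task Scheduler' $true 'service not found' }
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -eq 'Stopped')
    New-Result 'Task Scheduler' $ok "StartMode=$($svc.StartMode), State=$($svc.State)"
}

$results = @(Test-AutorunMapping; Test-MountPointCache; Test-TaskScheduler)
$results | Format-Table Check, Ok, Detail -AutoSize
```

A row with Ok = False for the MountPoints2 cache after the registry import means cached AutoRun entries are still present for that user; restart Windows as recommended above and re-run the check.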
2) Temporarily Disable System Restore (Windows XP/Vista)
Reference: Microsoft KB
How to turn off and turn on System Restore in Windows XP