Hi there,

On the daily server report today, I found that Downadup/Conficker had been detected on three computers (all on the same network). The worm has been removed. Are those computers safe then?

Most of my computers are up to date, but I'm having issues with MD5 file failures, so about 5 of them are 3 weeks out (currently being resolved). I'm just curious as to how the virus came into the premises. Maybe via flash disk.

The funny thing is that the virus was detected in .png files in temporary internet files. I would have thought it would have hidden somewhere else. Oh well.

I noticed on the instructions to remove Downadup/Conficker, it said to disable System Restore. What about leaving it permanently disabled. Is this recommended? I would rather leave it enabled.

Ideas?

Hello umiwangu,


For removal tools and also complete information on Downadup infections please access this website:
http://www.disinfecttools.com/

My recommendation would be to use the network removal tool on all the workstations in your network in order to make sure they are malware free.

Let me know how it goes.

Thanks Diana,

I'll try to give the network removal tool a go. I'll have to get our WSUS console running first, so we can apply the right hotfix, just so Conficker doesn't come back.

I'll let you know.