How to remove W32.Downadup.B worm

Malware Description:
W32.Downadup.B is a computer worm that spreads via networks using the Windows Server Service RPC Handling Remote Code Execution Vulnerability. The preliminary estimates of IT-experts state an average of 5-7 million computers are currently infected with W32.Downadup.B worldwide. The external manifestation of W32.Downadup.B presence on a PC is typically blocking the user access to some domains generating the notification reading “Network request timed out”, or you may get a “There is no network provider” alert. W32.Downadup.B is also known to create an autorun.inf file on all PC drives and runs it once the user accesses this drive. W32.Downadup.B is capable of propagating through the target network exploiting the above-mentioned autorun.inf file. The particular feature of W32.Downadup.B removal is the fact that the use of some anti-spyware programs and manual deletion will normally not work. Unless you want to have internet connection problems and face a severe PC contamination, remove W32.Downadup.B with the effective trusted spyware removal tool.

Malware Type: Worms

Malware Author: Unknown

Threat Level: High

Advice: Immediately remove

W32.Downadup.B Free Scanner and Remover: Download Now

How to remove W32.Downadup.B worm manually:
Manual removal of W32.Downadup.B worm is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.

The files to be deleted are listed below:

  • svchost.exe
  • explorer.exe
  • services.exe
  • %System%\[Random].dll
  • %Program Files%\Internet Explorer\[Random].dll
  • %Program Files%\Movie Maker\[Random].dll
  • %All Users Application Data%\[Random].dll
  • %Temp%\[Random].dll

The registry entries that need to be removed are as follows:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHO WALLCheckedValue = dword:00000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random]\Parameters
    ServiceDll = %MalwarePath%

Please, be aware that manual removal of W32.Downadup.B worm is a cumbersome process and does not always ensure complete deletion of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of W32.Downadup.B, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Download W32.Downadup.B Worm Automatic Remover

Like This Article? Let Others Know!

Reader's Comments:

  1. Sergiu |

    I have a W32.Downadup.B virus (worm) allerst.
    I want to cleen it.

Post a Comment: