.Malicious Code has become increasingly complex and infections involve more system elements than ever before. Symantec Security Response has developed tools to automatically conduct what would often amount to extensive and tedious manual removal tasks. If your system has become infected with the conficker worm this tool should aid you in repairing the damage.
– Close all the running programs.
– If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
– If you are running Windows Me or XP, turn off System Restore
– Double-click the FixDownadup.exe file to start the removal tool.
– Click Start to begin the process, and then allow the tool to run.
Note: If you have any problems when you run the tool, or it does nor appear to remove the threat, restart the computer in Safe mode and run the tool again.
– Restart the computer.
– Run the removal tool again to ensure that the system is clean.
– If you are running Windows Me/XP, then reenable System Restore
– Ensure that user accounts have strong passwords that are not in the list used by the worm.
– If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection
The following switches are designed for use by network administrators:
/HELP, /H, /?
Displays the help message.
Disables the registry repair (We do not recommend using this switch).
Enables the silent mode.
Creates a log file where [PATH NAME] is the location in which to store the tool’s output. By default, this switch creates the log file, FixDownadup.log, in the same folder from which the removal tool was executed.
Scans the mapped network drives. (We do not recommend using this switch. See the following Note.)
Forces the tool to immediately start scanning.
Excludes the specified [PATH] from scanning. (We do not recommend using this switch. See the following Note.)
Disables the cancel feature of the removal tool.
Prevents the scanning of the file system.
Disables checking for unpatched files.