(This will be updated as more information becomes public)Removal InstructionsMicrosofthttp://support.microsoft.com/kb/962007 KasperskyBitDefenderwww.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html
Removal ToolsMicrosoft MSRThttp://www.microsoft.com/security/malwareremove/default.mspx F-Secureftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip AhnLabglobal.ahnlab.com/global/file_removeal_down.jsp McAfeeESETdownload.eset.com/special/EConfickerRemover.exe BitDefenderwww.bitdefender.com/site/Downloads/downloadFile/1584/FreeRemovalTool Kasperskydata2.kaspersky-labs.com:8080/special/KidoKiller_v3.1.zip TrendMicrowww.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM_DOWNAD.zip
Conficker Cabal InformationShadowServerwww.shadowserver.org/wiki/pmwiki.php (very good explanation of the importance of this group) Arbor networksasert.arbornetworks.com/2009/02/the-conficker-cabal-announced/ ICANNwww.icann.org/en/announcements/announcement-2-12feb09-en.htm Symantecforums.symantec.com/t5/Malicious-Code/Coalition-Formed-in-Response-to-W32-Downadup/ba-p/388129
General InformationMicrosoftEnd user/Consumer page IT Security/Professional Page Centralized information about Conficker SecureWorkswww.secureworks.com/research/threats/downadup-removal/
Research (technical)SRIMNIN Security Blogmnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html (This is an awesome tool that generates domains, and ips to scan using the reversed algorithms from conficker) ThreatExpert Blogblog.threatexpert.com/2009/01/confickerdownadup-memory-injection.html
And last but not least, the previous ISC articles on Conficker!
|
AndreL 56 Posts Feb 13th 2009 |
Thread locked Subscribe |
Feb 13th 2009 1 decade ago |
Love the listing of removal tools, can this be added to the SANS \"Links\" page for common removal tools? And in general, restructure and update the links page with newer and useful tools?
I know asking a lot... Thanks, Brian |
Brian 3 Posts |
Quote |
Feb 13th 2009 1 decade ago |
I plan on posting more info as I come across it, I also am looking at formatting it a bit differently. I am not much of a fan of the current formatting, but given the amount of time involved I wanted to get something out sooner rather then later.
|
AndreL 56 Posts |
Quote |
Feb 13th 2009 1 decade ago |
Step by Step In Dealing With and Removing Conficker.
http://blog.sekiur.com/2009/02/step-by-step-in-dealing-with-conficker/ |
AndreL 1 Posts |
Quote |
Feb 14th 2009 1 decade ago |
Additional technical information. It's possible to determine p2p UDP/TCP port pairs.
https://cert.lexsi.com/weblog/index.php/2009/03/31/294-confickerc-de-peer-en-peer |
Anonymous |
Quote |
Apr 4th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!