W32.Downadup.E
W32.Downadup.E also known as WORM_DOWNAD.E, Conficker Worm or W32.Downadup. W32.Downadup.E is a serious worm infection that is known to attack Windows systems and spreads through networks due to a Windows security vulnerability called MS08-067. If a system does not receive critical updates needed then it may be vulnerable to the W32.Downadup.E or Conficker worm infection. It is advised to run a Windows Update and perform a system scan with a anti-virus or anti-malware software to identify and clean your computer from W32.Downadup.E.
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Applets\"ds" = [ENCRYPTED DLL]HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Applets\"xl"HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Applets\"ds" = [ENCRYPTED DLL]HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Applets\"xl"
The easiest form of prevention for an insert virus like DOWNADUP is to run compression on all drives, all files. Compression removes the white space, so there is no room to insert.
Only the registry would then be vulnerable, but DOWNADUP would lose it's target files for attack.