Antivirus - Rimuovere Downadup (aka Conficker or Kido)

Ecco un tool che usai a suo tempo per debellare il famoso virus conficker in una rete aziendale con dominio Microsoft. Ho copiato ed incollato la pagina di download con le varie descrizioni. Il tool di rete, provvedendo un utente amministratore di rete fa tutto in automatico sui pc remoti:

Home Users

Just download the removal tool (.zip file - 3MB), double click on it, chose "Extract all files..." from the File menu, and follow the wizard's instructions. You can use any other archiver, like WinZip. This will create a folder called bd_rem_tool.

Inside it, find the program called "bd_rem_tool_gui.exe" (or just "bd_rem_tool_gui") and double click on it. It is very important to extract all the files from the zip archive, and not only bd_rem_tool_gui.exe, because all the other files are needed for the disinfection. Then follow the tool's instructions.

If you have Windows Vista with User Acccess Control enabled, or if you are running as a restricted user in Windows XP, right click the "bd_rem_tool_gui" program and choose "Run as Administrator". You will be prompted to enter credentials for an admin account.

We recommend a system reboot after the disinfection is complete, to restore full internet access.

If you don't already have permanent antivirus protection or if your current antivirus has failed you, consider using the advanced protection tool provided by BitDefender.

Network administrators
The removal kit (.exe file - 13MB)contains the BitDefender Deployment tool and a deployable removal tool to be installed on all the possibly affected computers.

Download and install the kit on a network computer (preferably, but not neccessarily, on a known clean one).

Run the DptTool from the Desktop shortcut or from the Start menu.

On the settings screen, set the reboot option to "Restart if needed".
Set the other options as needed.

General Options

The options in the General Options category allow you to specify the deployment behaviour on the target computers. You can check:
  • Notify user before and after deploying the package - to alert the user logged on the target computers about the deployment process. Two dialogs will appear on the user's screen, before and after the deployment process.
  • Do not display user interface on the target computers (recommended) To install the package silently in the background. The Windows Installer interface will not be displayed on target computers.
  • Use non interactive Authentication - to provide the administrative credentials (username and password) that will be used to authenticate on the target computers.
If the computers to be scanned are set up to not respond to ping (i.e. they have very restrictive firewall policies), set the tool to NOT ping before installing, or the installation will not take place. Click Next to continue.

Select the computers to be scanned from the Active Directory listing provided and start the deployment. Please note that the process may take a very long time if some of the computers selected are not online and the "ping before installing" option was de-selected in the previous screen, due to timeouts. Click Start to continue.

The Deployment tool will now install and run the Downadup removal tool on the selected computers.

The tool will exit cleanly and return "job Finished" if no infection is found.If an infection is found, it will be removed and the affectted machine will be scheduled to reboot after 30 seconds. The return message will also be "Job Finished"Any other situations (target machine not online, removal tool could not be run, etc) will be reported as such.The returned messages can be sorted and saved for later use - e.g. to create a list of machines that need to be cleaned later.