Downadup Description

Downadup, also known as W32.Downadup, Conficker and Kido, is a malevolent worm. Downadup may be installed and spread in the user's computer system through weaknesses found in Windows MS08-067 service vulnerability. The Downadup worm is particularly dangerous because of its ability to infect and spread to other computers by network shares and removable media. The Downadup worm has reached epidemic proportions with its widespread infection. According to experts, Downadup has already infected over 9 million PCs. The problem has not gone unnoticed as Microsoft has responded by releasing a patch to fix the Windows vulnerability which the Downadup worm is exploiting. Unfortunately, there are many computers that do not have this Microsoft patch installed and still remain hostage to this hideous Downadup worm. Downadup continues to spread its infection to PCs around the globe.

Downadup copies itself by adding random named DLL files to your computer's C:\Windows\System32. The Downadup worm changes a number of your Windows settings in order to infect other PC's over your network.

Once infected with the Downadup worm, you will be unable to access numerous sites such as and most anti-virus and security websites. This is done in order to try to prevent you from removing the infection.

It is important that you download the latest released patch from Microsoft Windows Update. Since Downadup uses random file names to prevent easy detection, it is recommended that you use an anti-virus or anti-spyware software that will allow you to scan your entire computer instead of attempting to delete Conficker's files manually.

Aliases:, Win32/Conficker.A, Conficker.A, WORM_DOWNAD.AP and W32/Downadup.A.

Technical Information

Registry Details

Downadup creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHO WALLCheckedValue = dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PATH OF WORM EXECUTABLE]"

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.