NEWS FROM THE LAB - Tuesday, January 20, 2009

ISTP and F-Downadup Removal Tool Posted by Response @ 15:14 GMT

Our F-Downadup Removal Tool was updated on the 19th.

If you are working to disinfect the Downadup worm from your network, check that you have the most recent version of F-Downadup. You can compare the modification dates from our FTP server.

Our Worm:W32/Downadup.gen description is a good index of Downadup info.

Links have been added recently, such as one to Microsoft's Knowledge Base Article 962007. The KB article include numerous details on manual disinfection. The Microsoft MSRT application was updated to scan for Downadup (alias Conficker) this month.

One important note: Downadup disables Automatic Updates, so updated versions of MSRT will need to be downloaded manually, it will not be automatically installed on infected machines.

The team members developing F-Downadup have also updated our scanning and removal engines. Internet Security 2009 and Client Security 8 (among others) utilize updateable engine architecture.

…and that brings us to:

Internet Security Technology Preview

Tomi, from our Customer Involvement Team, would like to point out that the latest version of ISTP (9.10 build 129) was released on January 14th. ISTP receives signature and engine updates from our beta update channel. So, the ISTP engine architecture will use our latest removal engine, which was released to beta today.

If you would like to try ISTP, you'll find more information from here. ISTP feedback enrolls users into prize giveaways.

We recently received another batch of our very popular laptop stickers, so as a bonus, we'll pass along a stack to Tomi.

Updated to add January 21st:

Yesterday we mentioned that the latest version of our removal engine was released to our beta update channel.

There is also a beta channel update of our scanning engine planned for tomorrow (the 22nd). Those testing previous builds of ISTP will also receive this updated scanning engine.

There are a number of improved features that have been implemented and we look forward to the feedback.

F-Downadup Note: Computers infected by Downadup are blocked from reaching f-secure.com websites.

Our FTP server can also be reached from: ftp://ftp.antivirus.fi/anti-virus/tools/beta/ and