Step by step wormanup, kido for Win XP

Our school get annoying worm which cause slow internet connection and make it dificult to access major anti virus website. Finally we found out the name :

  • Worm.Conficker [PCTools]
  • W32.Downadup [Symantec]
  • Net-Worm.Win32.Kido.ih [Kaspersky Lab]
  • W32/Conficker.worm [McAfee]
  • W32/Confick-A [Sophos]
  • Worm:Win32/Conficker.A [Microsoft]
  • Worm.Win32.Conficker [Ikarus]

Scan Infected computers

To detect it from network we use mikrotik tools ‘torch’ and pointing it to port 445 :


Source address of infected computer easily found using torch.

read more »