{"id":135,"date":"2009-04-07T09:44:06","date_gmt":"2009-04-07T01:44:06","guid":{"rendered":"http:\/\/www.sysadmindayph.com\/blog\/?p=135"},"modified":"2009-04-07T09:45:17","modified_gmt":"2009-04-07T01:45:17","slug":"remove-kido-conficker-downadup-downup-wor","status":"publish","type":"post","link":"https:\/\/www.sysadmindayph.com\/blog\/remove-kido-conficker-downadup-downup-wor\/","title":{"rendered":"Remove Kido \/ Conficker \/ Downadup \/ Downup Worm"},"content":{"rendered":"<p><strong>Kido<\/strong>, also known as Downup, Downadup and Conficker, is a computer worm targeting the <strong>Microsoft Windows operating system<\/strong> that was first detected in October 2008 but, after a couple of months later, it is still being discussed in antivirus forums and message boards.<\/p>\n<p>Topics usually discussed is how to detect and remove if you&#8217;re computer is infected by this Kido (aka Conficker\/Downup\/Downadup) worm.<\/p>\n<p>It was reported by Panda Security, also a well known antivirus company, that more than 9 million PC\u2019s have been infected. Special mention at the report was China (the probable country of origin). It is said that China is the country most infected by Kido.<\/p>\n<p><!--more--><\/p>\n<h1><a title=\"Permanent Link to Remove Kido \/ Conficker \/ Downadup \/ Downup\" rel=\"bookmark\" href=\"..\/remove-kido-conficker-downadup-downup\/\">Remove Kido \/ Conficker \/ Downadup \/ Downup<\/a><\/h1>\n<p><strong>Kido <\/strong>although it already has many names (<strong>Downadup, Downup, Conficker<\/strong> etc.) various antivirus vendors use various naming conventions for worms.<\/p>\n<p><strong>How to Protect Your Computer with Kido\/Conficker\/Downadup\/Downup<\/strong><\/p>\n<blockquote><p>There is a fix for this worm, the details are on our security site at <a title=\"http:\/\/www.microsoft.com\/technet\/security\/Bulletin\/MS08-067.mspx\" href=\"http:\/\/www.microsoft.com\/technet\/security\/Bulletin\/MS08-067.mspx\">http:\/\/www.microsoft.com\/technet\/security\/Bulletin\/MS08-067.mspx<\/a><\/p>\n<p>Please read the above bulletin for the full details, the patches to prevent this worm are on that page.<\/p><\/blockquote>\n<p><strong>How to Detect if You&#8217;re Infected with Kido<\/strong><\/p>\n<p>Found this chart while browsing and looking for ways to detect if you are already infected with this Downadup\/Conficker\/Kido worm<\/p>\n<p>Check it out here: http:\/\/www.joestewart.org\/cfeyechart.html<\/p>\n<p><strong>How to Remove Kido \/ Downadup \/ Conficker \/ Downup<\/strong><\/p>\n<p><span><span>If you are already infected and if your Antivirus software can\u2019t eliminate the <\/span><span class=\"IL_SPAN\"><br \/>\n<input name=\"IL_MARKER\" type=\"hidden\" \/>worm<\/span> you would need to download a removal tool offered by various security product vendors.<\/span><\/p>\n<p><a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/technet.microsoft.com\/en-us\/security\/dd452420.aspx');\" href=\"http:\/\/technet.microsoft.com\/en-us\/security\/dd452420.aspx\"><strong>Microsoft<\/strong><\/a> : <a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/support.kaspersky.com\/faq\/?qid=208279973');\" href=\"http:\/\/support.kaspersky.com\/faq\/?qid=208279973\">Windows Malicious Software Removal Tool<strong><br \/>\nKaspersky<\/strong><\/a> : KidoKiller<br \/>\n<a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/193.110.109.53\/anti-virus\/tools\/beta\/f-downadup.txt');\" href=\"ftp:\/\/193.110.109.53\/anti-virus\/tools\/beta\/f-downadup.txt\"><strong>F-Secure<\/strong><\/a> : <a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/ftp.f-secure.com\/anti-virus\/tools\/beta\/f-downadup.zip');\" href=\"ftp:\/\/ftp.f-secure.com\/anti-virus\/tools\/beta\/f-downadup.zip\">F-downadup<\/a> (<a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/193.110.109.53\/anti-virus\/tools\/beta\/f-downadup.zip');\" href=\"ftp:\/\/193.110.109.53\/anti-virus\/tools\/beta\/f-downadup.zip\">alternate link<\/a>)<br \/>\n<a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.bitdefender.com\/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html');\" href=\"http:\/\/www.bitdefender.com\/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html\"><strong>BitDefender<\/strong><\/a> : <a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.bitdefender.com\/site\/Downloads\/downloadFile\/1584\/FreeRemovalTool');\" href=\"http:\/\/www.bitdefender.com\/site\/Downloads\/downloadFile\/1584\/FreeRemovalTool\">Win32.Worm.Downadup.Gen Remover<\/a><br \/>\n<a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.spywarevoid.com\/remove-conficker-worm-downadup-removal.html');\" href=\"http:\/\/www.spywarevoid.com\/remove-conficker-worm-downadup-removal.html\"><strong>Spywarevoid<\/strong><\/a> : <a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.spywarevoid.com\/download\/sdsetup.exe');\" href=\"http:\/\/www.spywarevoid.com\/download\/sdsetup.exe\">W32.downadup.c removal tool<\/a><br \/>\n<a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.symantec.com\/security_response\/writeup.jsp?docid=2008-112203-2408-99&amp;tabid=3');\" href=\"http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2008-112203-2408-99&amp;tabid=3\"><strong>Symantec<\/strong><\/a> : <a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.symantec.com\/security_response\/writeup.jsp?docid=2009-011316-0247-99');\" href=\"http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2009-011316-0247-99\">W32.Downadup Remover<\/a><br \/>\n<a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.eset.eu\/press-conficker-continues');\" href=\"http:\/\/www.eset.eu\/press-conficker-continues\"><strong>ESET<\/strong><\/a> : <a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/download.eset.com\/special\/EConfickerRemover.exe');\" href=\"http:\/\/download.eset.com\/special\/EConfickerRemover.exe\">Conficker Remover<\/a><br \/>\n<a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/www.sophos.com\/support\/knowledgebase\/article\/51416.html');\" href=\"http:\/\/www.sophos.com\/support\/knowledgebase\/article\/51416.html\"><strong>Sophos<\/strong><\/a> : <a onclick=\"javascript:pageTracker._trackPageview('\/outgoing\/secure.sophos.com\/support\/updates\/dp\/full\/sconftool_10_sfx.exe');\" href=\"https:\/\/secure.sophos.com\/support\/updates\/dp\/full\/sconftool_10_sfx.exe\">Conficker Cleanup Tool<\/a><\/p>\n<p>Here are some aliases provided by opular antivirus vendors :<\/p>\n<ul>\n<li> <strong>Symantec : W32.Downadup<\/strong><\/li>\n<li><strong>F-Secure : W32\/Downadup.A, W32\/Downadup.B etc<\/strong><\/li>\n<li><strong>Panda : Conficker.A, Conficker.B etc<\/strong><\/li>\n<li><strong>Kaspersky : Net-Worm.Win32.Kido.bt, Net-Worm.Win32.Kido.ip, Net-Worm.Win32.Kido.iq etc<\/strong><\/li>\n<li><strong><span>McAffe : W32\/Conficker.<span class=\"IL_SPAN\"><br \/>\n<input name=\"IL_MARKER\" type=\"hidden\" \/>worm<\/span><\/span><\/strong><\/li>\n<li><strong><span>Bitdefender : Win32.<span class=\"IL_SPAN\"><br \/>\n<input name=\"IL_MARKER\" type=\"hidden\" \/>Worm<\/span>.Downadup.Gen<\/span><\/strong><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Kido, also known as Downup, Downadup and Conficker, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008 but, after a couple of months later, it is still &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[192],"tags":[194,199,195,196,198,193,200,197,201],"class_list":["post-135","post","type-post","status-publish","format-standard","hentry","category-virus-and-microsoft","tag-conficker","tag-detect","tag-downadup","tag-downup","tag-how-to-remove","tag-kido","tag-microsoft","tag-remove","tag-server"],"_links":{"self":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts\/135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":0,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/tags?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}