A guy from Microsoft's tech support posted how he found Conficker on a box from a crash dump using windbg: Hunting for Bugs, but Found a Worm This is cool because it shows how much info Conficker leaves in plain-view in memory, and also shows how someone who knows how to use windbg actually uses it.