Results 1 to 7 of 7

Thread: Infected: virus Net-Worm.Win32.Kido.ih

  1. #1
    itsallaobutgame
    Guest

    Infected: virus Net-Worm.Win32.Kido.ih


    Hi Friends

    OS: Windows XP Sp2

    Problem: Kasper 7.0 unable to delete WormWin32 Kido.ih. I am working
    in an organization and my one of the LAB infected with that worm. I have
    also tried KLWL, and kkiller utilites but they even did not detect this
    version of KIDO.IH.

    Symptoms: Kido.ih drops a dll file in system32 which has a different
    name in each of my network PC. This file is sytem hidden and no one has
    rights to remove or rename it. Even KAV 7.0 only shows the skip option
    no delete no disinfect. This worm Also add a registry value which
    disallow user to show hidden files or folders. It also creates its
    SERVICE. When we attach any pen drive to the infected system pen drive
    automatically infected with that worm and this worm creates Autorun.inf
    and jwgkvsq.vmx file.

    What I have tried: I tried every steps and able to remove that dll file
    in Safe mode. But its automatically creates again because the whole LAN
    is infected with that worm.

    kido.ih sample which i found in my pen drive

    Sample of Autorun.inf and jwgkvsq.vmx :
    http://rapidshare.com/files/21322637...ample.rar.html
    Password for Win_32_Worm_kido.ih_Sample.rar " kido " without
    Quito


    Please help


    --
    itsallaobutgame
    ------------------------------------------------------------------------
    itsallaobutgame's Profile: http://forums.techarena.in/members/83696.htm
    View this thread: http://forums.techarena.in/virus-spyware/1148204.htm

    http://forums.techarena.in


  2. #2
    1PW
    Guest

    Re: Infected: virus Net-Worm.Win32.Kido.ih

    On 03/25/2009 10:38 PM, itsallaobutgame sent:
    > Hi Friends
    >
    > OS: Windows XP Sp2
    >
    > Problem: Kasper 7.0 unable to delete WormWin32 Kido.ih. I am working
    > in an organization and my one of the LAB infected with that worm. I have
    > also tried KLWL, and kkiller utilites but they even did not detect this
    > version of KIDO.IH.
    >
    > Symptoms: Kido.ih drops a dll file in system32 which has a different
    > name in each of my network PC. This file is sytem hidden and no one has
    > rights to remove or rename it. Even KAV 7.0 only shows the skip option
    > no delete no disinfect. This worm Also add a registry value which
    > disallow user to show hidden files or folders. It also creates its
    > SERVICE. When we attach any pen drive to the infected system pen drive
    > automatically infected with that worm and this worm creates Autorun.inf
    > and jwgkvsq.vmx file.
    >
    > What I have tried: I tried every steps and able to remove that dll file
    > in Safe mode. But its automatically creates again because the whole LAN
    > is infected with that worm.
    >
    > kido.ih sample which i found in my pen drive
    >
    > Sample of Autorun.inf and jwgkvsq.vmx :
    > http://rapidshare.com/files/21322637...ample.rar.html
    > Password for Win_32_Worm_kido.ih_Sample.rar " kido " without
    > Quito
    >
    >
    > Please help


    Please try the "Removal instructions" here:

    <http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790>

    Follow with a scan with the free version of:

    <http://www.malwarebytes.org/mbam-download.php>

    Please make absolute sure that you have installed this patch:

    <http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

  3. #3
    Volker Birk
    Guest

    Re: Infected: virus Net-Worm.Win32.Kido.ih

    itsallaobutgame <itsallaobutgame.3pn6nd@donotspam.com> wrote:
    > Problem: Kasper 7.0 unable to delete WormWin32 Kido.ih. I am working
    > in an organization and my one of the LAB infected with that worm. I have
    > also tried KLWL, and kkiller utilites but they even did not detect this
    > version of KIDO.IH.


    You definitely should flatten and rebuild every infected system.
    Additionally you should find out, how this thing was spread.

    You should not try to remove - this will not work in a secure way.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die R├╝ckseite dieses Schreibens!

  4. #4
    Volker Birk
    Guest

    Re: Infected: virus Net-Worm.Win32.Kido.ih

    1PW <barcrnahgjuvfgyr@nby.pbz> wrote:
    > Please try the "Removal instructions" here:
    > <http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790>


    Better don't do this. Such "removal instructions" are a make-believe.

    > Please make absolute sure that you have installed this patch:
    > <http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>


    Better read this text:

    <http://technet.microsoft.com/en-us/library/cc512587.aspx>

    Yours,
    VB.
    --
    Bitte beachten Sie auch die R├╝ckseite dieses Schreibens!

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    1
    Can data rrecovery possible from unformated pen drive? I have a 4 GB Kingston pendrive.When I insert it into USB port computer shows this message "The disk in drive in H is not formatted.Do you want to format it now?" I have my most important Data in this pen drive and want to get it any how .Is there any way to get it ?please help me.I really will thankfull to all of you.
    ____________________
    market samurai ~ marketsamurai ~ marketsamurai.com
    Last edited by marchelyx; 06-14-09 at 03:07 AM.

  6. #6
    Junior Member
    Join Date
    Sep 2009
    Posts
    1
    Thanks for your sharing. Thanks for sharing this useful information. It's great.



    property internet management software project document asset This internet management software is perfect for your document and web company property internet management software project document asset

  7. #7
    Junior Member
    Join Date
    May 2010
    Posts
    1

    Get and install an antivirus

    Get and install an antivirus program I prefer avg with firewall you can download from here http://www.trustdownload.com or soft32.

Similar Threads

  1. virus question
    By 24giovanni in forum Software Forum
    Replies: 4
    Last Post: 07-26-08, 05:05 AM
  2. Simple Steps for Taking Care of Your Computer to Avoid Virus
    By Samuel4u in forum Network Security
    Replies: 1
    Last Post: 06-18-08, 09:51 AM
  3. How to Remove Computer Virus
    By Samuel4u in forum Network Security
    Replies: 6
    Last Post: 05-07-08, 11:28 PM
  4. Replies: 4
    Last Post: 01-26-07, 12:49 PM
  5. XP running with a virus or trogen?
    By Swimace in forum Software Forum
    Replies: 2
    Last Post: 01-16-07, 05:57 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •