Posted by 1PW on March 26, 2009, 3:38 am
On 03/25/2009 10:38 PM, itsallaobutgame sent:
> Hi Friends
>
> OS: Windows XP Sp2
>
> Problem: Kasper 7.0 is unable to delete WormWin32 Kido.ih. I am working
> in an organization and one of my labs is infected with that worm. I have
> also tried the KLWL and kkiller utilities, but they did not even detect this
> version of KIDO.IH.
>
> Symptoms: Kido.ih drops a dll file in system32 which has a different
> name on each of my network PCs. This file is system hidden and no one has
> rights to remove or rename it. Even KAV 7.0 only shows the skip option,
> no delete, no disinfect. This worm also adds a registry value which
> prevents the user from showing hidden files or folders. It also creates its
> own service. When we attach any pen drive to the infected system, the pen drive
> is automatically infected with that worm, and this worm creates an Autorun.inf
> and a jwgkvsq.vmx file.
>
> What I have tried: I tried every step and was able to remove that dll file
> in Safe mode. But it is automatically created again because the whole LAN
> is infected with that worm.
>
> kido.ih sample which I found on my pen drive
>
> Sample of Autorun.inf and jwgkvsq.vmx :
> http://rapidshare.com/files/213226372/Win_32_Worm_kido.ih_Sample.rar.html
> Password for Win_32_Worm_kido.ih_Sample.rar " kido " without
> quotes
>
>
> Please help
Please try the "Removal instructions" here:
<http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790>
Follow with a scan with the free version of:
<http://www.malwarebytes.org/mbam-download.php>
Please make absolute sure that you have installed this patch:
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>
Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
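
An added example, not part of the thread: a read-only check for the pen-drive symptom described in the question, listing what a drive's Autorun.inf would launch and whether the reported jwgkvsq.vmx file is present. The launch keys checked (open, shellexecute, shell\verb\command) are standard Autorun.inf keys; the function names, the fixture and its contents are constructed for illustration.

```python
import os
import re
import sys

# File name reported in the post above; add names seen on your own network.
REPORTED_NAMES = {"jwgkvsq.vmx"}

# Autorun.inf keys that tell Windows to start a program from the drive.
LAUNCH_KEY = re.compile(
    rb"^[ \t]*(open|shellexecute|shell\\[^=\r\n]*\\command)[ \t]*=[ \t]*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def launch_commands(inf_bytes):
    """Return (key, command) pairs found in raw autorun.inf bytes.

    Works on bytes so padding or non-text lines do not break parsing.
    """
    return [(m.group(1).decode("latin-1").lower(), m.group(2).decode("latin-1"))
            for m in LAUNCH_KEY.finditer(inf_bytes)]

def scan_drive(root):
    """List findings for one drive root (for example E: on Windows)."""
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        # Match case-insensitively and skip a directory named autorun.inf.
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                for key, cmd in launch_commands(fh.read()):
                    findings.append(f"autorun.inf {key} -> {cmd}")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in REPORTED_NAMES:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append(f"reported file: {rel}")
    return findings

def write_constructed_sample(root):
    """Create a harmless, constructed fixture: padded autorun.inf plus an empty file."""
    os.makedirs(os.path.join(root, "hidden"), exist_ok=True)
    with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
        fh.write(b"\x8f\x02junk\r\n[AutoRun]\r\n\xfe\xfdpad\r\nOpen = hidden\\jwgkvsq.vmx\r\n")
    open(os.path.join(root, "hidden", "jwgkvsq.vmx"), "wb").close()

if __name__ == "__main__":
    for drive in sys.argv[1:]:
        for finding in scan_drive(drive):
            print(drive, finding)
```

Run it from a clean machine with the drive roots as arguments; it only reads and never deletes or opens the files it reports.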