Thread: Net-Worm.win32.Kido.ih

  1. #1
    Join Date
    Oct 2005
    Posts
    190

    Net-Worm.win32.Kido.ih

    Hello,
    I am connected to my company and infected by a new virus. Kaspersky Internet Security detects the malicious code Net-Worm.Win32.Kido.ih without being able to neutralize it. The infected file c:\windows\system32\idsjbv.dll is still found on my PC even though I deleted my cookies. I contacted Kaspersky support, who asked me for various scans, after which I remain unanswered!
    I am on Windows XP Pro SP2. If someone can help me it would be great. Thank you.
    I may b a dreamer, but I'm not the only one

  2. #2
    Join Date
    Jan 2006
    Posts
    3,798

    Re: Net-Worm.win32.Kido.ih

    Download and install HijackThis. HijackThis - How to use HijackThis? What it does?

    Save HJTInstall.exe to your desktop.

    Double-click on HJTInstall.exe to run the program.

    By default, it will install there:
    C:\Program Files\Trend Micro\HijackThis

    Accept the license by clicking "I Accept"

    Choose the option "Do a system scan and save a log file"
    Click "Save log" to save the report, which will open in Notepad
    Click on "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report
    Copy the report here in your next post.

  3. #3
    Join Date
    Jan 2006
    Posts
    2,259

    Re: Net-Worm.win32.Kido.ih

    Get GenProc on your desktop (note that the file is a zip file).
    Unzip the file and double-click on GenProc.bat. Finally, post the contents of the report that appears.
    For those who have Vista, do not forget to disable User Account Control.
    With great power comes great responsibility - Spiderman's Uncle

    The Greatest Sig Ever

  4. #4
    Join Date
    Jan 2009
    Posts
    3

    Re: Net-Worm.win32.Kido.ih

    Hi,
    Isn't that dll 169043 bytes long? I've been fighting this worm for several days. You can't just delete it or what, it ties itself to a system exe. You should use Process Explorer (by Microsoft, incidentally) and Ctrl+F that dll, double-click on it, then right-click on the highlighted line, Close handle... Then, you can delete the file... if it's not in an NTFS filesystem... because in that case, you need to use the Security tab to gain access to do that.
    Good luck.

  5. #5
    Join Date
    Oct 2005
    Posts
    190

    Re: Net-Worm.win32.Kido.ih

    Thank you taboriimre for that valuable input.
    Mine is an NTFS file system. What changes do I need to make in the Security tab to access that?
    I may b a dreamer, but I'm not the only one

  6. #6
    Join Date
    Jan 2009
    Posts
    3

    Re: Net-Worm.win32.Kido.ih

    Originally posted by Hardik:
        Thank you taboriimre for that valuable input.
        Mine is an NTFS file system. What changes do I need to make in the Security tab to access that?

    Make sure that Easy file sharing is off (in Folder options / View). Right-click on that dll file, Properties... Security tab... check full access (all checkboxes).

    Hope this helps. Gotta run now.

  7. #7
    Join Date
    Dec 2008
    Location
    Colombo
    Posts
    121

    Re: Net-Worm.win32.Kido.ih

    I am also infected by that worm... The detection method is still unclear... Please help me to avoid such an issue.

  8. #8
    Join Date
    Jan 2009
    Posts
    3

    Re: Net-Worm.win32.Kido.ih

    Okay... I got it now...

    So I removed the 169043-byte dll/vmx/anything from the system32 dir as described above, then went into services.msc to locate the offending service, which has a two-word (randomly combined) English name, its status is empty or "starting" (Win2000), and its startup type is "automatic".

    Example names: "Image Monitor", "Monitor Installer", "Universal Server"

    Double-click on the service name and observe the service name. It must be a random string.

    Open a cmd prompt.

    On WinXP, run:
    sc delete <string>

    On Win2000, run:
    regedt32
    In the HKEY_LOCAL_MACHINE window, look for the folders SYSTEM/ControlSet001/Services and SYSTEM/ControlSet002/Services.
    In each of them, look for the above string, click on it, click Security/Permissions, check the long option which has something to do with "inheriting", OK, then delete the key...

    Apply the MS patch and reboot.
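
The traits listed in the post above (two-word display name, automatic startup, not running, random-looking service name) expressed as a PowerShell filter. This is an added example, not code from the thread; the vowel-ratio test for "random-looking" names, the function names and the sample records are assumptions constructed for illustration.

```powershell
# Added example: flag services matching the traits described in the post.
# The "random-looking" test is an assumed heuristic, not a Kido signature.

function Test-RandomLookingName {
    param([string]$Name)
    # Assumption: letters only, 5-12 chars, and few vowels suggests a generated name.
    if ($Name -notmatch '^[A-Za-z]{5,12}$') { return $false }
    $vowels = ([regex]::Matches($Name, '[aeiouAEIOU]')).Count
    return ($vowels / $Name.Length) -lt 0.3
}

function Find-SuspectService {
    param([Parameter(ValueFromPipeline = $true)]$Service)
    process {
        $twoWords   = $Service.DisplayName -match '^[A-Za-z]+ [A-Za-z]+$'
        $autoStart  = $Service.StartMode -eq 'Auto'
        $notRunning = $Service.State -ne 'Running'   # status empty or "starting" in the post
        if ($twoWords -and $autoStart -and $notRunning -and
            (Test-RandomLookingName $Service.Name)) {
            $Service | Select-Object Name, DisplayName, StartMode, State
        }
    }
}

# Constructed sample records (not taken from a real machine).
$sample = @(
    [pscustomobject]@{ Name = 'wuauserv'; DisplayName = 'Automatic Updates'; StartMode = 'Auto'; State = 'Running' }
    [pscustomobject]@{ Name = 'xkqwjtbn'; DisplayName = 'Image Monitor';     StartMode = 'Auto'; State = 'Start Pending' }
    [pscustomobject]@{ Name = 'Spooler';  DisplayName = 'Print Spooler';     StartMode = 'Auto'; State = 'Stopped' }
)
$sample | Find-SuspectService   # only the constructed 'xkqwjtbn' record is returned

# On a live system, feed real services instead:
# Get-CimInstance -ClassName Win32_Service | Find-SuspectService
# Files in system32 with the size reported in the thread:
# Get-ChildItem "$env:SystemRoot\System32" -File -Force | Where-Object Length -eq 169043
```

Review each hit by hand before removing anything; the heuristic can flag legitimate services whose names happen to be short and consonant-heavy.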

  9. #9
    Join Date
    Nov 2008
    Posts
    3

    Re: Net-Worm.win32.Kido.ih

    How to remove the msrun32.exe virus? Because I can't open msconfig and regedit. I can't even open McAfee antivirus.

  10. #10
    Join Date
    Dec 2008
    Location
    Colombo
    Posts
    121

    Re: Net-Worm.win32.Kido.ih

    on WinXP, run:
    sc delete <string>
    What is meant by string? sc delete means delete some service? Which service should I delete?
    Yes, that virus takes random numbers, but according to the explanation you are saying to delete services. Which service should be deleted?

  11. #11
    Yogesh Guest

    Re: Net-Worm.win32.Kido.ih

    Originally posted by senthilds:
        how to remove msrun32.exe virus. because i cant open msconfig and regedit file. even i cant open mcafee antivirus

    Hi senthilds

    Yours is a different topic, in that yours is related to a different virus. So I suggest you make a new thread for your topic with that title, so you can expect more replies than here.

    Also, posting a different topic in another's thread is considered hijacking of the thread.
