Net-Worm.win32.Kido.ih

  #1  
Old 10-01-2009
Member
 
Join Date: Oct 2005
Posts: 190
Net-Worm.win32.Kido.ih
  

Hello,
I am connected to my company and infected by a new virus. For me, Kaspersky Internet Security detects the malicious code Net-Worm.Win32.Kido.ih without being able to neutralize it. The infected object c:\windows\system32\idsjbv.dll can be found on my PC even though I deleted my cookies. I contacted Kaspersky support, and after the various scans they asked me for, it remains unanswered!
I am on Windows XP Pro SP2. If someone can help me, it would be great. Thank you.

__________________
I may b a dreamer, but I'm not the only one
Reply With Quote
  #2  
Old 10-01-2009
Member
 
Join Date: Jan 2006
Posts: 3,773
Re: Net-Worm.win32.Kido.ih

Download and install HijackThis. HijackThis - How to use HijackThis? What does it do?

Save HJTInstall.exe to your desktop.

Double-click on HJTInstall.exe to run the program.

By default, it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the license by clicking "I Accept".

Choose the option "Do a system scan and save a log file".
Click "Save log" to save the report, which will open in Notepad.
Click on "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report.
Copy the report here in your next post.
Reply With Quote
  #3  
Old 10-01-2009
Member
 
Join Date: Jan 2006
Posts: 2,254
Re: Net-Worm.win32.Kido.ih

Get GenProc on your desktop (note the file is a zip file).
Unzip the file and double-click on GenProc.bat. Finally, post the contents of the report that appears.
For those who have Vista, do not forget to disable User Account Control.
__________________
With great power comes great responsibility - Spiderman's Uncle

The Greatest Sig Ever
Reply With Quote
  #4  
Old 13-01-2009
Member
 
Join Date: Jan 2009
Posts: 3
Re: Net-Worm.win32.Kido.ih

Hi,
Isn't that dll 169043 bytes long? I've been fighting this worm for several days. You can't just delete it or what, it ties itself to a system exe. You should use Process Explorer (by Microsoft, incidentally) and Ctrl-F that dll, double-click on it, then right-click on the highlighted line, Close handle... Then, you can delete the file... if it's not in an NTFS filesystem... because in that case, you need to use the Security tab to gain access to do that.
Good luck.
Reply With Quote
  #5  
Old 13-01-2009
Member
 
Join Date: Oct 2005
Posts: 190
Re: Net-Worm.win32.Kido.ih

Thank you taboriimre for that valuable input.
Mine is an NTFS file system. What changes do I need to make in the Security tab to access that?
__________________
I may b a dreamer, but I'm not the only one
Reply With Quote
  #6  
Old 13-01-2009
Member
 
Join Date: Jan 2009
Posts: 3
Re: Net-Worm.win32.Kido.ih

Quote:
Originally Posted by Hardik
Thank you taboriimre for that valuable input.
Mine is an NTFS file system. What changes do I need to make in the Security tab to access that?

Make sure that Easy file sharing is off (in Folder options / View). Right-click on that dll file, Properties... Security tab... check full access (all checkboxes).

Hope this helps. Gotta run now.
Reply With Quote
  #7  
Old 14-01-2009
Member
 
Join Date: Dec 2008
Location: Colombo
Posts: 121
Re: Net-Worm.win32.Kido.ih

I am also infected with that worm... The detection method is still unclear. Please help me to avoid such an issue.
Reply With Quote
  #8  
Old 17-01-2009
Member
 
Join Date: Jan 2009
Posts: 3
Re: Net-Worm.win32.Kido.ih

Okay... I got it now...

So I removed the 169043 bytes long dll/vmx/anything from the system32 dir as described above, then went into services.msc to locate the offending service, which has a two-word (randomly combined) English name; its status is empty or "starting" (Win2000), and its startup type is "automatic".

Example names: "Image Monitor", "Monitor Installer", "Universal Server"

Double-click on the service name and observe the service name. It must be a random string.

Open a cmd prompt.

On WinXP, run:
sc delete <string>

On Win2000, run:
regedt32
In the HKEY_LOCAL_MACHINE window, look for the folders SYSTEM/ControlSet001/Services and SYSTEM/ControlSet002/Services.
In each of them, look for the above string, click on it, click Security/Permissions, check the long option which has something to do with "inheriting", OK, then delete the key...

Apply the MS patch and reboot.
Reply With Quote
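
Added example, not part of the thread: a triage helper that applies the criteria from the post above (startup type automatic, two-word display name, unrecognised key name) to saved `sc qc` output and reports each service's key name next to its display name. The sample output, the key name `qzkvhbtr` and the `KNOWN_GOOD` baseline are constructed assumptions.

```python
import re

# Constructed sample: `sc qc <name>` output for three services, concatenated
# and trimmed to the fields used here. "qzkvhbtr" is a made-up key name.
SAMPLE_SC_QC = """
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: wuauserv
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : Automatic Updates

SERVICE_NAME: qzkvhbtr
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : Image Monitor

SERVICE_NAME: Browser
        START_TYPE         : 3   DEMAND_START
        DISPLAY_NAME       : Computer Browser
"""

# Assumption: key names recorded from a known-clean machine of the same build.
KNOWN_GOOD = {"wuauserv", "browser", "spooler"}

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")

def parse_sc_qc(text):
    """Return one dict of fields per service found in `sc qc` output."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner lines such as "[SC] QueryServiceConfig SUCCESS"
        key, value = m.groups()
        if key == "SERVICE_NAME":
            services.append({})  # a new service block starts here
        if services:
            services[-1][key] = value
    return services

def suspects(text, known_good):
    """(key name, display name) of services matching the thread's description."""
    hits = []
    for svc in parse_sc_qc(text):
        auto = "AUTO_START" in svc.get("START_TYPE", "")
        two_words = len(svc.get("DISPLAY_NAME", "").split()) == 2
        unknown = svc["SERVICE_NAME"].lower() not in known_good
        if auto and two_words and unknown:
            hits.append((svc["SERVICE_NAME"], svc["DISPLAY_NAME"]))
    return hits
```

The first element of each returned pair is the service key name, which is the value `sc delete` expects; the second is the display name shown in services.msc.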
  #9  
Old 18-01-2009
Member
 
Join Date: Nov 2008
Posts: 3
Re: Net-Worm.win32.Kido.ih

How to remove the msrun32.exe virus? I can't open msconfig and regedit. I can't even open McAfee antivirus.
Reply With Quote
  #10  
Old 18-01-2009
Member
 
Join Date: Dec 2008
Location: Colombo
Posts: 121
Re: Net-Worm.win32.Kido.ih

Quote:
On WinXP, run:
sc delete <string>

What is meant by string? sc delete means delete some service? Which service should I delete?
Yes, that virus takes random numbers, but according to the explanation you are saying to delete services. Which service should be deleted?
Reply With Quote
  #11  
Old 19-01-2009
Yogesh
 
Posts: n/a
Re: Net-Worm.win32.Kido.ih

Quote:
Originally Posted by senthilds
How to remove the msrun32.exe virus? I can't open msconfig and regedit. I can't even open McAfee antivirus.

Hi senthilds,

Yours is a different topic, in that yours is related to a different virus. So I'd suggest you make a new thread for your topic with that title, so you can expect more replies than here.

Also, posting a different topic in another's thread is considered hijacking of the thread.
Reply With Quote