Printable View
Hello,
I am connected to my company and infected by a new virus, For me Kaspersky internet security detects malicious code Net-Worm.Win32.Kido.ih without being able to neutralize it. The purpose c: \ windows \ system32 \ infected idsjbv.dll be found on my pc even though I deleted my cookies. I contacted Kaspersky support asked me that after various scans remains unanswered!
I am in Windows XP Pro SP2. if someone can help me it would be great. Thank you
Download and install HijackThis. http://forums.techarena.in/guides-tutorials/1029054.htm
HJTInstall.exe records on your desk.
Double-click on HJTInstall.exe to run the program
By default, it will move there:
C: \ Program Files \ Trend Micro \ HijackThis
Accept the license by clicking "I Accept"
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report, which will open with the notepad
Click on "Edit -> Select All", then "Edit -> Copy to copy the entire contents of the report
Copy the report here on your next post.
Get GenProc on your desktop (Note the file is a zip file)
Unzip the file, double-click on GenProc.bat Finally, post the contents of the report that appears.
For those who have vista, do not forget to disable the User Account Control
Hi,
Isn't that dll 169043 bytes long? I've been fighting this worm for several days. You can't just delete it or what, it ties itself to a system exe. You should use ProcessExplorer (by Microsoft, incidentally) and ctrl-f that dll, doubleclick on it, then right click on the highlighted line, Close handle... Then, you can delete the file... if it's not in a NTFS filesystem... because in that case, you need to use the Security tab to gain access to do that :)
Good luck.
Thank you taboriimre for that valuable input.
Mine is a NTFS file system. What changes do I need to do in the security tab to access that?
Make sure that Easy file sharing is off (in Folder options / View). Right click on that dll file, Properties... Security tab... check full access (all checkboxes).Quote:
Originally Posted by Hardik
Hope this helps. Gotta run now.
I also infected that worm...Still detection method is unclear..Please help me to avoid such issue
Okay... I got it now...
So I removed the 169043 bytes long dll/vmx/anything from the system32 dir as described above, then went into services.msc to locate the offending service which has a 2-words (randomly combined) English name, its status is empty or "starting" (Win2000), its startup type is "automatic".
Example names: "Image Monitor", "Monitor Installer", "Universal Server" :)
Doubleclick on the service name and observe the service name. It must be a random string.
Open a cmd prompt.
on WinXP, run:
sc delete <string>
on Win2000, run:
regedt32
In the HKEY_LOCAL_MACHINE window, look for the folders SYSTEM/ControlSet001/Services and SYSTEM/ControlSet002/Services.
In each of them, look for the above string, click on it, click Security/Permissions, check the long option which has something to do with "inheriting", OK, then delete the key...
Apply the ms patch and reboot.
how to remove msrun32.exe virus. because i cant open msconfig and regedit file. even i cant open mcafee antivirus
what is mean by string..sc delete means delete some servive..? which service should delete..?Quote:
on WinXP, run:
sc delete <string>
Yes that virus take random numbers but according to explanation u saying delete services, Which service should be delete..?
Hi senthildsQuote:
Originally Posted by senthilds
Yours is a different topic...in that yours is related to different virus. So I'll suggest you to make a new thread for your topic with that title, so you can expect more replies rather than here.
Also, posting different topic in another's thread is considered as Hijacking of the thread :ohyeah: