Re: Net-Worm.win32.Kido.ih
Download and install HijackThis. http://forums.techarena.in/guides-tutorials/1029054.htm
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default, it will install to:
C:\Program Files\Trend Micro\HijackThis
Accept the license by clicking "I Accept"
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report, which will open with the notepad
Click on "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report
Copy the report here on your next post.
Re: Net-Worm.win32.Kido.ih
Get GenProc on your desktop (Note the file is a zip file)
Unzip the file, double-click on GenProc.bat. Finally, post the contents of the report that appears.
For those who have Vista, do not forget to disable the User Account Control.
Re: Net-Worm.win32.Kido.ih
Hi,
Isn't that dll 169043 bytes long? I've been fighting this worm for several days. You can't just delete it or what, it ties itself to a system exe. You should use ProcessExplorer (by Microsoft, incidentally) and ctrl-f that dll, doubleclick on it, then right click on the highlighted line, Close handle... Then, you can delete the file... if it's not in an NTFS filesystem... because in that case, you need to use the Security tab to gain access to do that :)
Good luck.
Re: Net-Worm.win32.Kido.ih
Thank you taboriimre for that valuable input.
Mine is an NTFS file system. What changes do I need to make in the Security tab to access that?
Re: Net-Worm.win32.Kido.ih
Quote: Originally Posted by Hardik
Thank you taboriimre for that valuable input.
Mine is an NTFS file system. What changes do I need to make in the Security tab to access that?
Make sure that Easy file sharing is off (in Folder options / View). Right click on that dll file, Properties... Security tab... check full access (all checkboxes).
Hope this helps. Gotta run now.
Re: Net-Worm.win32.Kido.ih
I am also infected with that worm... The detection method is still unclear. Please help me avoid this issue.
Re: Net-Worm.win32.Kido.ih
Okay... I got it now...
So I removed the 169043 bytes long dll/vmx/anything from the system32 dir as described above, then went into services.msc to locate the offending service which has a 2-words (randomly combined) English name, its status is empty or "starting" (Win2000), its startup type is "automatic".
Example names: "Image Monitor", "Monitor Installer", "Universal Server" :)
Doubleclick on the service name and observe the service name. It must be a random string.
Open a cmd prompt.
on WinXP, run:
sc delete <string>
on Win2000, run:
regedt32
In the HKEY_LOCAL_MACHINE window, look for the folders SYSTEM/ControlSet001/Services and SYSTEM/ControlSet002/Services.
In each of them, look for the above string, click on it, click Security/Permissions, check the long option which has something to do with "inheriting", OK, then delete the key...
Apply the MS patch and reboot.
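
A read-only way to collect the indicators described in the post above (a 169043-byte file in system32, an automatic-start service that is not running), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later and that the service loads its DLL through the standard `Parameters\ServiceDll` registry value, which the thread does not state.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
$SuspectSize = 169043   # file length reported in this thread; a hint, not a signature
$Sys32 = Join-Path $env:SystemRoot 'System32'

# 1. Files of exactly that length in system32, hidden and system files included.
$sizeHits = @(Get-ChildItem -LiteralPath $Sys32 -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -eq $SuspectSize })

# 2. Automatic-start services that are not running, with the DLL each one loads.
$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.StartMode -ne 'Auto' -or $svc.State -eq 'Running') { continue }

    # Assumption: a svchost-hosted service registers its DLL under Parameters\ServiceDll.
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
    $dll  = $null
    $note = ''
    try {
        $raw = (Get-ItemProperty -LiteralPath $key -Name ServiceDll -ErrorAction Stop).ServiceDll
        $dll = [Environment]::ExpandEnvironmentVariables($raw)
    } catch {
        # A service key that an administrator cannot read deserves a closer look.
        if ($_.Exception -is [System.Security.SecurityException] -or
            $_.Exception -is [System.UnauthorizedAccessException]) { $note = 'key not readable' }
    }

    $len = $null
    if ($dll) { $len = (Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue).Length }
    if ($len -eq $SuspectSize) { $note = 'ServiceDll matches suspect size' }

    [pscustomobject]@{
        ServiceName = $svc.Name          # the key name that "sc delete" expects
        DisplayName = $svc.DisplayName   # the friendly name shown in services.msc
        State       = $svc.State
        ServiceDll  = $dll
        DllLength   = $len
        Note        = $note
    }
}

"Files of $SuspectSize bytes in ${Sys32}:"
$sizeHits | Select-Object FullName, LastWriteTime, Attributes | Format-Table -AutoSize
'Automatic-start services that are not running:'
$report | Sort-Object Note -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt; the `ServiceName` column is the short key name, which differs from the two-word display name shown in services.msc.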
Re: Net-Worm.win32.Kido.ih
How do I remove the msrun32.exe virus? I can't open msconfig or regedit, and I can't even open McAfee antivirus.
Re: Net-Worm.win32.Kido.ih
Quote:
on WinXP, run:
sc delete <string>
What is meant by string? Does sc delete mean deleting some service? Which service should be deleted?
Yes, that virus takes random numbers, but according to your explanation you are saying to delete services. Which service should be deleted?
Re: Net-Worm.win32.Kido.ih
Quote: Originally Posted by senthilds
How do I remove the msrun32.exe virus? I can't open msconfig or regedit, and I can't even open McAfee antivirus.
Hi senthilds
Yours is a different topic... in that yours is related to a different virus. So I'd suggest you make a new thread for your topic with that title, so you can expect more replies than you would get here.
Also, posting a different topic in another's thread is considered hijacking the thread :ohyeah: