How to kill Net-Worm.Win32.Kido virus
The Kaspersky Lab Vietnam Technical Support team has received many reports of a growing number of infections in enterprise networks by the Net-Worm.Win32.Kido worm family. Below is a description of this worm family and how to remove it.
Symptoms of a network infected with the Kido virus
1. Network traffic increases dramatically if there are infected computers in the network, because these computers attack the rest of the network.
2. Anti-virus programs with an IDS (Intrusion Detection System) report the attack Intrusion.Win.NETAPI.buffer-overflow.exploit.
Short description of the Net-Worm.Win32.Kido virus family
1. It creates the files autorun.inf and RECYCLED\{SID}\RANDOM_NAME.vmx on removable drives (USB flash) and sometimes in corporate networks.
2. It stores itself in the system as a DLL file with a random name (e.g. c:\windows\system32\zorizr.dll).
3. It registers itself as a system service with a random name (e.g. knqdgsm).
4. It tries to attack computers over TCP port 445 or 139, exploiting the Microsoft Windows vulnerability MS08-067.
5. It tries to connect to a number of websites (we recommend setting up a network firewall to monitor connections to these websites).
Methods of removing the virus
Customers should use a special tool, kidokiller.exe, to remove this virus.
To prevent all computers and servers from being infected with this worm, you should do the following:
- Install the latest Microsoft patches for vulnerabilities MS08-067, MS08-068 and MS09-001.
- Make sure that the Local Administrator account's password is hard to guess and not easily cracked: the password should include at least 6 characters and use a mix of lowercase letters, uppercase letters, numbers and special characters (such as #, !, $, @).
- Turn off the auto-run feature from removable drives.
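A quick triage check for the removable-drive artefacts from item 1 of the description above (autorun.inf plus RECYCLED\{SID}\RANDOM_NAME.vmx). This is an added example, not Kaspersky's code and not a replacement for kidokiller.exe. It assumes that {SID} is a folder named like a Windows SID and that autorun.inf starts the .vmx file through a standard launch key; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumptions (not from the page): "{SID}" is a folder named like a Windows SID,
# and autorun.inf starts the payload through one of the standard launch keys.
SID_DIR = re.compile(r"^S(-\d+)+$", re.IGNORECASE)
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}


def find_kido_artifacts(drive_root):
    """Return sorted findings for the autorun.inf + RECYCLED\\{SID}\\*.vmx layout."""
    root = Path(drive_root)
    findings = []
    for top in root.iterdir():
        name = top.name.lower()
        if top.is_dir() and name == "recycled":
            for sid_dir in (d for d in top.iterdir() if d.is_dir()):
                if not SID_DIR.match(sid_dir.name):
                    continue
                for f in sid_dir.iterdir():
                    if f.is_file() and f.suffix.lower() == ".vmx":
                        findings.append("payload: " + f.relative_to(root).as_posix())
        elif top.is_file() and name == "autorun.inf":
            # Decode bytes as latin-1 so padding or binary junk cannot raise.
            for line in top.read_bytes().decode("latin-1").splitlines():
                key, sep, value = line.partition("=")
                key = key.strip().lower()
                if sep and key in LAUNCH_KEYS and ".vmx" in value.lower():
                    findings.append("autorun launches .vmx via: " + key)
    return sorted(findings)


def build_sample_drive(root):
    """Constructed, harmless tree that mimics the layout; no real sample involved."""
    sid = "S-1-5-21-1111111111-2222222222-3333333333-1000"  # constructed SID
    payload_dir = Path(root) / "RECYCLED" / sid
    payload_dir.mkdir(parents=True)
    (payload_dir / "abcdefg.vmx").write_bytes(b"placeholder")
    inf = b"\x00\x01junk\r\n[AutoRun]\r\nopen=RECYCLED\\" + sid.encode() + b"\\abcdefg.vmx\r\n"
    (Path(root) / "autorun.inf").write_bytes(inf)
    return Path(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_kido_artifacts(build_sample_drive(tmp)):
            print(finding)
```

Point find_kido_artifacts at the root of a mounted removable drive; an empty result means only that this specific layout was not found, so the full scan described below is still needed.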
The tool kidokiller.exe can be run directly on an infected computer, or remotely with the help of Kaspersky Administration Kit.
To remove the virus directly on the infected machine
1. Download the compressed file KidoKiller_v3.3.2.zip and extract it to a folder on the infected computer.
2. Run the file KidoKiller.exe.
During the scan, command-line windows may appear; press any key to dismiss the window. To have the command-line window close automatically, run KidoKiller.exe with the -y parameter.
3. Wait until the scan is complete.
If Agnitum Outpost Firewall is installed on the infected machine, the computer must be restarted each time the tool finishes.
4. Run a full scan of your computer with Kaspersky Anti-Virus.
To remove the virus via the Administration Kit
1. Download the compressed file KidoKiller_v3.3.2.zip and extract it to a folder.
2. In the Administration Kit console, create an installation package for the application KidoKiller.exe. In the installation package configuration, at the Application step, select Make installation package for specified executable file.
In the Executable file command line (optional) field, specify the -y parameter so that the console window closes automatically when the tool finishes.
3. Create a group task or global task for remote installation of the installation package, assign it to the computers, and run the task.
The KidoKiller.exe tool can be run on all computers on the network as a task.
4. After the tool has finished, scan each computer on the network with Kaspersky Anti-Virus.
If Agnitum Outpost Firewall is installed on the infected machine, the computer must be restarted each time the tool finishes.
For more information about this tool, run KidoKiller.exe with the -help parameter.
Command-line parameters for KidoKiller.exe
- -p - scan a defined folder
- -f - scan the hard drive
- -n - scan the network drive
- -r - scan the removable drive
- -y - end the program without pressing any key
- -s - silent mode (does not display the black console window)
- -l - write to a log file
- -v - extended logging (should be used with the -l parameter)
- -help - display additional information about the tool
For example, to scan a removable drive and write the report to a report.txt file (it will be created in the installation directory of KidoKiller.exe), use the following command:
kidokiller.exe -r -y -l report.txt -v