How to kill Net-Worm.Win32.Kido virus

Kaspersky Lab Vietnam Technical Support team received a lot of announcements about the increasing infection in the enterprise network of the Net-Worm.Win32.Kido deep line. Here are some descriptions of this deep line and how to kill it.

How to kill Net-Worm.Win32.Kido virus

Kaspersky Lab Vietnam Technical Support team received a lot of announcements about the increasing infection in the enterprise network of theNet-Worm.Win32.Kidodeep line.Here are some descriptions of this deep line and how to kill it .

The symptoms of the network are infected with Kido virus

1. Network traffic increases dramatically if there are infected computers in the network, because the network is attacked from these computers.

2. Anti-Virus programs with an IDS (Intrusion Detection System) appear to be attacked by Intrusion.Win.NETAPI.buffer-overflow.exploit

Short description of the Net-Worm.Win32.Kido virus line

1. It creates files autorun.inf and RECYCLED {SID} RANDOM_NAME.vmx in portable hard drives (USB Flash) and sometimes in corporate networks.

2. It stores itself into the system as a DLL file with any name (eg c: windowssystem32zorizr.dll ).

3. It registers itself and the computer's service system with any name (eg knqdgsm ).

4. It tries to attack computers via 445 or 139 TCP ports, using MS Windows vulnerability MS08-067 security error.

5. It tries to connect to some of the following websites (we recommend setting up a network firewall to monitor connections to these websites):

http://www.getmyip.org
http://getmyip.co.uk
http://www.whatsmyipaddress.com
http://www.whatismyip.org
http://checkip.dyndns.org
http://schemas.xmlsoap.org/soap/envelope/
http://schemas.xmlsoap.org/soap/encoding/
http://schemas.xmlsoap.org/soap/envelope/
http://schemas.xmlsoap.org/soap/encoding/
http://trafficconverter.biz/4vir/antispyware/loadadv.exe
http://trafficconverter.biz
http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz

These methods of killing viruses

Customers should use a special tool, kidokiller.exe, to remove this virus.

To prevent all servers and servers from being infected with this worm, you should do the following:

Install the latest version and bug from Microsoft for vulnerabilities MS08-067, MS08-068, MS09-001.
Make sure that the Local Administrator account's password is hard to find and easily hacked - the password should include at least 6 characters; use a mix of lowercase, uppercase, numbers and special characters (such as #,!, $, @ .).
Turn off the auto-run feature from removable drives.

The tool kidokiller.exe can be run directly on an infected computer, or remotely with the help of Kaspersky Administration Kit.

To remove the virus directly on the infected machine

1. Download the compressed file KidoKiller_v3.3.2.zip and extract it to a folder on the infected computer.

2. Run the file KidoKiller.exe

When the scan will appear many command line windows, press any button to minimize the window. For the command line to close automatically, you should run the tool KidoKiller.exe with the parameter -y .

3. Wait until the scan is complete.

If Agnitum Outpost Firewall is installed on the infected machine, it is required to restart the computer every time the tool is done.

4. Conduct a comprehensive scan of your computer with Kaspersky Anti-Virus

To remove the virus via the Administration Kit

1. Download the compressed file KidoKiller_v3.3.2.zip and extract it to a folder.

2. In Administration Kit console create installation package for application KidoKiller.exe . In the configuration installation package on the step Application select Make installation package for specified executable file .

In the Executable file command line (optional) field specify the -y parameter to close the console window automatically whenever the tool is done.

How to kill Net-Worm.Win32.Kido virus Picture 1

3. Create a global or task group for remote installation of the installation package to assign to computers and run the task.

The KidoKiller.exe tool can run on all computers on the network in the form of running tasks.

4. After each tool has finished, scan each computer for the network using Kaspersky Anti-Virus

If Agnitum Outpost Firewall is installed on the infected machine, it is required to restart the computer every time the tool is done.

For more information about this tool, run KidoKiller.exe with parameters –help .

Parameters manage KidoKiller.exe from the command line

-p - scan a defined folder
-f - scan the hard drive
-n - scan the network drive
-r - scan the removable drive
-y - end the program without pressing any key
-s - silent mode (does not display black screen window)
-l - write to a log file
-v - extended log maintenance (should be used with the -l parameter)
-help - display additional information about the tool

For example, in the case of scanning a removable disk and recording the report into a report.txt file (it will be created in the installation directory of KidoKiller.exe), use the following command:

 kidokiller.exe -r -y -l report.txt -v

The good news: finding antibodies can kill 99% of the HIV virus strain
scientists have tested this type of antibody against 24 monkeys. the results showed that monkeys were immune to hiv after injecting antibodies, although they continued to be infected with hiv.
Destroy the autorun virus in USB or on PC with 4 simple ways
because windows will perform these autorun.inf files first, some hackers take advantage of this to install the virus into the autorun file so that it can spread the virus easily to the entire system. this article will show you how to remove autorun virus from usb or pc.
No need to use an antivirus program, this is how to get rid of the virus on your computer
viruses can be illegally hacked into users' computers through various ways, such as during web browsing, or from usb devices or during the installation of applications and software.
How to fix when Facebook is infected with virus
facebook is infected with a virus that no user wants. with 9 basic steps in the following article of network administrator, you will be able to recover your facebook account and 'clean up' the obnoxious virus.
Alcoholic anti-virus like?
since 1988, alcohol has been recommended for handwashing to help fight germs. alcohol-based hand sanitizers called world health organization called alcohol preparations are designed to wash hands to neutralize microorganisms, or temporarily inhibit their growth.
What is the Pokki virus and how does it get rid of it?
the pokki virus usually affects the start menu on windows computers but it is also found on macs running os x. windows 8 and 10 are particularly vulnerable, although this virus can also affect any version. any other windows.
3 ways to identify a Mac infected with a virus
is your mac working a little strange? whether you are seeing ads that you cannot explain or your system is unusually slow, you may think the problem is due to malware. and you may be right in this case.
How to remove Trojan, Virus, Worm or Malware?
these are extremely dangerous programs. when your computer is attacked by a virus or malware, they will start to devastate your computer.
How to kill viruses, remove malicious codes on Android
in case your device has been attacked by a virus or malware, the following article will show you how to make the device safe, thus easily fixing malicious code on their android device. we are using
Xiaomi released a sterilizer, which can kill the nCoV virus
xiaoda disinfection lamp with the mechanism of operation is to use ultraviolet rays and dual ozone system to disperse ozone to kill ncov virus in the air.
Kill viruses, Windows 7 trojans without downloading software
software scans take a lot of your time, from installation to waiting for the completion process. not to mention some protection tools also consume a lot of memory. so why don't you try to manually perform the virus and trojan removal process on win 7 computer?
How to kill Vlove virus
the vietnamese internet community is witnessing a new 'flood' from the internal virus called vlove, spread through the most popular yahoo messenger instant messaging service today. virus sends im to the entire list frien