Hi Friends
OS: Windows XP Sp2
Problem: Kasper 7.0 is unable to delete WormWin32 Kido.ih. I am working in an organization and one of my LABs is infected with that worm. I have also tried the KLWL and kkiller utilities, but they did not even detect this version of KIDO.IH.
Symptoms: Kido.ih drops a dll file in system32 which has a different name on each of my network PCs. This file is system hidden and no one has rights to remove or rename it. Even KAV 7.0 only shows the skip option, no delete, no disinfect. This worm also adds a registry value which disallows the user from showing hidden files or folders. It also creates its SERVICE. When we attach any pen drive to the infected system, the pen drive is automatically infected with that worm, and this worm creates Autorun.inf and a jwgkvsq.vmx file.
What I have tried: I tried every step and was able to remove that dll file in Safe mode. But it is automatically created again because the whole LAN is infected with that worm.
Kido.ih sample which I found on my pen drive
Sample of Autorun.inf and jwgkvsq.vmx:
Please help