Infected: virus Net-Worm.Win32.Kido.ih

Hi Friends

OS: Windows XP Sp2

Problem: Kasper 7.0 unable to delete WormWin32 Kido.ih. I am working in an organization and my one of the LAB infected with that worm. I have also tried KLWL, and kkiller utilites but they even did not detect this version of KIDO.IH.

Symptoms: Kido.ih drops a dll file in system32 which has a different name in each of my network PC. This file is sytem hidden and no one has rights to remove or rename it. Even KAV 7.0 only shows the skip option no delete no disinfect. This worm Also add a registry value which disallow user to show hidden files or folders. It also creates its SERVICE. When we attach any pen drive to the infected system pen drive automatically infected with that worm and this worm creates Autorun.inf and jwgkvsq.vmx file.

What I have tried: I tried every steps and able to remove that dll file in Safe mode. But its automatically creates again because the whole LAN is infected with that worm.

kido.ih sample which i found in my pen drive

Sample of Autorun.inf and jwgkvsq.vmx :

formatting link
for Win_32_Worm_kido.ih_Sample.rar " kido " without Quito

Please help

Reply to
itsallaobutgame
Loading thread data ...

On 03/25/2009 10:38 PM, itsallaobutgame sent:

Please try the "Removal instructions" here:

Follow with a scan with the free version of:

Please make absolute sure that you have installed this patch:

Pete

Reply to
1PW

You definitely should flatten and rebuild every infected system. Additionally you should find out, how this thing was spread.

You should not try to remove - this will not work in a secure way.

Yours, VB.

Reply to
Volker Birk

Better don't do this. Such "removal instructions" are a make-believe.

Better read this text:

Yours, VB.

Reply to
Volker Birk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.