> Problem with Kido: it gets deleted but rundll32 processes are created
rramirep
post 11.03.2009 20:56
Post #1


Newbie
*

Group: Members
Posts: 1
Joined: 11.03.2009




Hello, my problem is as follows: I have Kaspersky Administration Kit 6.0.1710, up to date and with all the patches applied as well, including the ones for Kido. On my Server 2003 domain controller I have the antivirus 6.0 for servers, and Kido.ih is present on the network. The problem is not whether it identifies and removes it when the machine is attacked; it does. But even after it is deleted, rundll32.exe processes keep appearing in Task Manager, and their number keeps growing. I have already run the antivirus and it detects nothing.
Caos
post 11.03.2009 21:12
Post #2


Spanish Forum Moderator
***************

Group: Moderators
Posts: 17101
Joined: 25.09.2007
From: España (Spain)




Hello,

I recommend that you review the forum rules; they will be a great help to you.

Post all the information requested in them (version and build of the Kaspersky product installed, OS and service pack installed; post your getsysteminfo (gsi) report, preferably using the new version you will find at the end of my post (in my signature); post your avzlog so it can be reviewed, etc.) so that we can help you.

Have you checked that Kido is completely eradicated from your network, both from the server and from all the workstations? Do all the workstations have Kaspersky Anti-Virus for Workstations installed? Which version, which OS? Do you have all the Microsoft patches relating to Kido installed? What are the dates of the virus signatures on the workstations and on the server?

Have you run kidoremover on all the machines? Have you followed all the steps indicated here?

Regards


Caos
post 11.03.2009 21:45
Post #3


Spanish Forum Moderator
***************

Group: Moderators
Posts: 17101
Joined: 25.09.2007
From: España (Spain)




Also check the latest news about Kido:
http://www.kaspersky.com/news?id=207575766

QUOTE
Kaspersky Lab, a leading developer of secure content management systems, has detected a new modification of Kido. This latest variant differs from previous ones in that it extends the Trojan functionality used in earlier versions of the malicious program.

Net-Worm.Win32.Kido.ip, Net-Worm.Win32.Kido.iq, and other variants are all representative of this latest modification of Kido, which is capable of preventing antivirus products from functioning effectively on infected machines. The new variant of the malicious program also generates a dramatically increased number of unique domain names which it can contact to download daily updates: 50,000, in contrast to the 250 generated and contacted by previous versions.

“So far, the new version of Kido isn’t posing an epidemic threat,” said Vitaly Kamluk, senior antivirus expert. “However, if existing versions of Kido are replaced by the latest variant, this could make life a lot more difficult for those trying to combat the authors of this malicious program.”

Kido has Trojan Downloader functionality, which means that it delivers other malicious programs to infected computers. The first Kido infections were detected in November 2008.

A record for new Kido variants was added to Kaspersky Lab antivirus databases on Saturday, March 7.

Kaspersky Lab recommends again that all users install the relevant operating system security update (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). An antivirus solution with up-to-date signature databases and a properly configured firewall can also prevent infection. Users of Kaspersky Lab antivirus products who have installed the security update released by Microsoft are fully protected from Kido.


This post has been edited by Caos: 11.03.2009 21:45

