> Net-Worm.Win32.kido.ih can remove, Help me ASAP
manawa
post 13.01.2009 08:11
Post #1


Advanced Member II
****

Group: Public Testers
Posts: 309
Joined: 25.09.2007
From: Sri Lanka




Hello,

We have a big issue with Net-Worm.Win32.kido.ih, a variation of Net-Worm.Win32.kido.
Kaspersky AV for Workstation 6.0.3.837 detects Net-Worm.Win32.kido.ih but it can't delete or disinfect it.
After detecting it, Kaspersky says it can't delete the file because there is no write access. We have tried to delete it in safe mode but couldn't. We have also tried the klwk tool, but it doesn't detect it either, because the Net-Worm.Win32.kido.ih definition is not in that tool.

So can someone help us remove this virus, Net-Worm.Win32.kido.ih, from our network? We have more than 500 clients infected by this virus. We have also already installed the Windows patch for this virus. Please check the screenshots I have provided; that is what we found on our systems. There is a duplicate virus service and a random DLL.

Please help me ASAP.

Thank you!

edit: topic closed after being bumped up after 30 months of inactivity.

This post has been edited by richbuff: 15.09.2011 12:17


--------------------
Kaspersky Lab Certified Data Security Technician

Avian - Kaspersky Lab's Sri Lanka\Maldives Distributor www.avian.lk
namh
post 13.01.2009 08:40
Post #2


Advanced Member I
***

Group: Members
Posts: 56
Joined: 21.02.2008




I am also facing this problem, where the kido.ih virus can't be deleted. I have tried scanning in safe mode, and also with the rescue disk, but both methods failed.

Finally, I used AVZ to scan the system. Surprisingly, it can delete the file with "write access is denied". So maybe you can try to scan the system with AVZ, which can be downloaded here: http://www.z-oleg.com/avz4.zip
manawa
post 13.01.2009 20:48
Post #3


Advanced Member II
****

Group: Public Testers
Posts: 309
Joined: 25.09.2007
From: Sri Lanka




QUOTE(namh @ 13.01.2009 11:10) *
I am also facing this problem, where the kido.ih virus can't be deleted. I have tried scanning in safe mode, and also with the rescue disk, but both methods failed.

Finally, I used AVZ to scan the system. Surprisingly, it can delete the file with "write access is denied". So maybe you can try to scan the system with AVZ, which can be downloaded here: http://www.z-oleg.com/avz4.zip


Thanks for the reply. What about the virus service? Does it get deleted as well? Are you really sure about this?
We have more than 500 PCs infected, so this will be a really hard job.

This post has been edited by manawa: 13.01.2009 20:55


ambadmin
post 15.01.2009 15:55
Post #4


Member
**

Group: Members
Posts: 10
Joined: 15.01.2009




Hi,
I have exactly the same problem, but AVZ doesn't work.


Helmut
post 15.01.2009 16:07
Post #5


True legend
***************

Group: Gold beta testers
Posts: 12001
Joined: 23.06.2005




Look at this thread.

davinci has posted a link from KL.
manawa
post 16.01.2009 13:27
Post #6


Advanced Member II
****

Group: Public Testers
Posts: 309
Joined: 25.09.2007
From: Sri Lanka




QUOTE(Helmut @ 15.01.2009 18:37) *
Look at this thread.

davinci has posted a link from KL.


Dear Helmut,

I have tried that but it won't help. That Kaspersky tool won't detect the Net-Worm.Win32.kido.ih variation.
So what should I do now?




Caos
post 16.01.2009 13:33
Post #7


Spanish Forum Moderator
***************

Group: Moderators
Posts: 16429
Joined: 25.09.2007
From: España (Spain)




Have you tried this?

And the utility klwk?


manawa
post 16.01.2009 13:36
Post #8


Advanced Member II
****

Group: Public Testers
Posts: 309
Joined: 25.09.2007
From: Sri Lanka




QUOTE(Caos @ 16.01.2009 16:03) *
Have you tried this?

And the utility klwk?


Yes, but it won't detect the Net-Worm.Win32.kido.ih variation of kido.


Caos
post 16.01.2009 13:39
Post #9


Spanish Forum Moderator
***************

Group: Moderators
Posts: 16429
Joined: 25.09.2007
From: España (Spain)




Send the infected files to Kaspersky (newvirus@kaspersky.com) or send me the infected files (rar compressed and password protected "infected"), for review.


manawa
post 16.01.2009 13:42
Post #10


Advanced Member II
****

Group: Public Testers
Posts: 309
Joined: 25.09.2007
From: Sri Lanka




QUOTE(Caos @ 16.01.2009 16:09) *
Send the infected files to Kaspersky (newvirus@kaspersky.com) or send me the infected files (rar compressed and password protected "infected"), for review.



Dear Caos,

I think you didn't understand our situation. Please read my 1st post.


Caos
post 16.01.2009 13:48
Post #11


Spanish Forum Moderator
***************

Group: Moderators
Posts: 16429
Joined: 25.09.2007
From: España (Spain)




QUOTE(manawa @ 16.01.2009 10:42) *
Dear Caos,

I think you didn't understand our situation. Please read my 1st post.


The Kaspersky utility to remove this virus is klwk. If klwk doesn't detect this variant, samples are needed for review and to be added to the klwk utility.
That's my opinion.

QUOTE
How to fight network worm Net-Worm.Win32.Kido

Methods of disinfection.

Regardless of the selected disinfection method, it is obligatory that the patch from Microsoft, that covers the vulnerability MS08-067, is installed. More information via the link: http://www.microsoft.com/technet/security/...n/MS08-067.mspx

A special utility should be used to remove this worm. Utility can be run locally on the infected PC, or remotely with the help of Kaspersky Administration Kit.

* To remove the virus locally:

1. Download the archive with the utility (klwk.zip) and extract the contents into a folder on the infected PC.

2. Run file run_klwk.bat

3. Wait till the scanning is complete.

* To remove the virus via Administration Kit:

1. Download the archive with the utility klwk.zip and extract contents into a folder.

2. In Administration Kit console create installation package for application klwk.com. In the installation package settings indicate command line parameters:

/path %WINDIR%\system32

3. Create a task for remote installation of the package to designated computers and run the task.

After the scanning is complete a window with the scan results will stay open, and it will be closed if any key is pressed.

To close this window automatically you can run the utility KLWK with additional parameter /y

/y /path %WINDIR%\system32


This post has been edited by Caos: 16.01.2009 13:50


manawa
post 16.01.2009 13:50
Post #12


Advanced Member II
****

Group: Public Testers
Posts: 309
Joined: 25.09.2007
From: Sri Lanka




QUOTE(Caos @ 16.01.2009 16:18) *
The Kaspersky utility to remove this virus is klwk. If klwk doesn't detect this variant, samples are needed for review and to be added to the klwk utility.
That's my opinion.


If you need a sample I can send it to you. How do I send it to you?


Caos
post 16.01.2009 13:52
Post #13


Spanish Forum Moderator
***************

Group: Moderators
Posts: 16429
Joined: 25.09.2007
From: España (Spain)




Send me one pm with the sample or upload the sample to www.rapidshare.com (winrar compressed and password protected "infected") and send me one pm with the link.

This post has been edited by Caos: 16.01.2009 13:53


manawa
post 16.01.2009 13:57
Post #14


Advanced Member II
****

Group: Public Testers
Posts: 309
Joined: 25.09.2007
From: Sri Lanka




QUOTE(Caos @ 16.01.2009 16:22) *
Send me one pm with the sample or upload the sample to www.rapidshare.com (winrar compressed and password protected "infected") and send me one pm with the link.



I have tried to do that but it says "Upload failed. Please ask the administrator to check the settings and permissions." I'll try with RapidShare.


Caos
post 16.01.2009 14:03
Post #15


Spanish Forum Moderator
***************

Group: Moderators
Posts: 16429
Joined: 25.09.2007
From: España (Spain)




Try with RapidShare, and send me a PM with the link.


srle
post 16.01.2009 17:28
Post #16


Kaspersky Labs partner
***

Group: Members
Posts: 188
Joined: 6.06.2005
From: Serbia




QUOTE(Caos @ 16.01.2009 11:03) *
Try with RapidShare, and send me a PM with the link.



Hello,
I am also interested in that version of the kido worm. Can you post info on the forum if you find some solution for it?

Thanks
Ypiamba
post 16.01.2009 17:46
Post #17


Newbie
*

Group: Members
Posts: 2
Joined: 20.11.2008




Hello. We have the same problem with this virus and its variants. To resolve the problem temporarily, we must go host by host doing the disinfection. We reboot the system in safe mode, and then, for the file which Kaspersky detects but doesn't eliminate, we change the security permissions on the file and then delete it. But it's very important to install the Windows patches; if you don't apply the Windows updates, the machine gets infected again. This virus uses port 445 to send a lot of traffic on the network and make the system unavailable.
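
The port 445 traffic described in the post above gives a way to find infected machines across a large network: flag any source that contacts many different hosts on port 445 within a short time. This is an added example, not part of the original thread; the flow-log format, the 60-second window, the threshold of 5 and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of TCP flows: "ISO-time src_ip dst_ip dst_port" (hypothetical format).
SAMPLE_FLOWS = "\n".join(
    # 10.0.1.23: eight different peers on 445 within eight seconds (worm-like fan-out)
    [f"2009-01-16T10:00:{i:02d} 10.0.1.23 10.0.1.{i} 445" for i in range(1, 9)]
    # 10.0.1.40: repeated traffic to a single file server (normal SMB use)
    + [f"2009-01-16T10:00:{i:02d} 10.0.1.40 10.0.0.5 445" for i in range(1, 9)]
    # 10.0.1.60: eight peers on 445, but only one per hour
    + [f"2009-01-16T{10 + i}:00:00 10.0.1.60 10.0.3.{i} 445" for i in range(1, 9)]
    # 10.0.1.50: many peers, but on port 80
    + [f"2009-01-16T10:00:{i:02d} 10.0.1.50 10.0.2.{i} 80" for i in range(1, 9)]
    + ["truncated line", "not-a-time 10.0.1.9 10.0.1.1 445"]
)


def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def smb_fanout_suspects(flows, window=timedelta(seconds=60), threshold=5):
    """Map each source to its peak count of distinct port-445 destinations inside
    any sliding window, keeping only sources at or above the threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:
            by_src[src].append((ts, dst))
    suspects = {}
    for src, events in by_src.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window start forward
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            suspects[src] = peak
    return suspects


if __name__ == "__main__":
    for host, peers in smb_fanout_suspects(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: {peers} distinct hosts contacted on TCP/445 within 60 s")
```

Only the fast scanner is reported; the file-server client, the slow host and the port 80 host stay below the threshold.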
Caos
post 16.01.2009 18:32
Post #18


Spanish Forum Moderator
***************

Group: Moderators
Posts: 16429
Joined: 25.09.2007
From: España (Spain)




Kaspersky is working on it.


Goliva
post 16.01.2009 19:24
Post #19


Newbie
*

Group: Members
Posts: 3
Joined: 16.01.2009




QUOTE(manawa @ 16.01.2009 12:36) *
Yes, but it won't detect the Net-Worm.Win32.kido.ih variation of kido.


We have exactly the same problem. Please, if you find any solutions, don't forget to post them here. Thank you in advance!
ilikekasper
post 16.01.2009 19:51
Post #20


Member
**

Group: Members
Posts: 35
Joined: 15.01.2009




Oh, I hate this problem. And finally I re-installed my system.

This post has been edited by ilikekasper: 16.01.2009 19:57


--------------------
I am a cool man!