Раза 3-4 в день появляется вирус
"удалено: вирус Net-Worm.Win32.Kido.ih Файл: C:\WINDOWS\System32\wqhvio.yzm"
Предлагается вылечить - не лечится, удаляется.
Через некоторое время опять так появляется.
Сканировал KK.zip 3.4.13 нашлась 1 job только - проблема осталась
Базы каждые 2 часа обновлял, касперский переустанавливал - все осталось.
Прогонял все через AVZ с последними базами - ничего не нашлось.
Еще заметил:
- Происходят виндоус звуки разные - типа ошибка, или наоборот типа закончилось копирование например - но я ничего не делал и ничего не вылетало.
- Появились 2 устройства в оборудовании "Неизвестное устройство" - каждый раз при загрузки винды оба пытаются найти дрова, галочка "больше не напоминать об установки..." не помогает - все равно пытаются искаться какие-то драйверы.
Помогите, новичку в этом деле.
Версия 6.0.3.
Качал 6 SOS - но ключ не подошел - в общем не понял че качать и где брать, но вроде слышал что 6.0.4 есть
add: что-то ацки тупить начало:
впн подключение к интернету написано отключено - а интернет есть, а подключиться не могу и соответственно отключить его, как бы скрытое подключение уже есть.
Full Version: Kido не вылечивается
QUOTE(Ranger13 @ 28.10.2009 16:58) 
Раза 3-4 в день появляется вирус
"удалено: вирус Net-Worm.Win32.Kido.ih Файл: C:\WINDOWS\System32\wqhvio.yzm"
Предлагается вылечить - не лечится, удаляется.
Через некоторое время опять так появляется.
Сканировал KK.zip 3.4.13 нашлась 1 job только - проблема осталась
Базы каждые 2 часа обновлял, касперский переустанавливал - все осталось.
Прогонял все через AVZ с последними базами - ничего не нашлось.
Еще заметил:
- Происходят виндоус звуки разные - типа ошибка, или наоборот типа закончилось копирование например - но я ничего не делал и ничего не вылетало.
- Появились 2 устройства в оборудовании "Неизвестное устройство" - каждый раз при загрузки винды оба пытаются найти дрова, галочка "больше не напоминать об установки..." не помогает - все равно пытаются искаться какие-то драйверы.
Помогите, новичку в этом деле.
Версия 6.0.3.
Качал 6 SOS - но ключ не подошел - в общем не понял че качать и где брать, но вроде слышал что 6.0.4 есть
add: что-то ацки тупить начало:
впн подключение к интернету написано отключено - а интернет есть, а подключиться не могу и соответственно отключить его, как бы скрытое подключение уже есть.
"удалено: вирус Net-Worm.Win32.Kido.ih Файл: C:\WINDOWS\System32\wqhvio.yzm"
Предлагается вылечить - не лечится, удаляется.
Через некоторое время опять так появляется.
Сканировал KK.zip 3.4.13 нашлась 1 job только - проблема осталась
Базы каждые 2 часа обновлял, касперский переустанавливал - все осталось.
Прогонял все через AVZ с последними базами - ничего не нашлось.
Еще заметил:
- Происходят виндоус звуки разные - типа ошибка, или наоборот типа закончилось копирование например - но я ничего не делал и ничего не вылетало.
- Появились 2 устройства в оборудовании "Неизвестное устройство" - каждый раз при загрузки винды оба пытаются найти дрова, галочка "больше не напоминать об установки..." не помогает - все равно пытаются искаться какие-то драйверы.
Помогите, новичку в этом деле.
Версия 6.0.3.
Качал 6 SOS - но ключ не подошел - в общем не понял че качать и где брать, но вроде слышал что 6.0.4 есть
add: что-то ацки тупить начало:
впн подключение к интернету написано отключено - а интернет есть, а подключиться не могу и соответственно отключить его, как бы скрытое подключение уже есть.
Думаю уместным писать в топик по борьбе с вирусами или хотябы его пролистать, вопрос неоднократно подымался.
Net-Worm.Win32.Kido removing tool, Kaspersky Lab 2009
version 3.4.13 Oct 21 2009 18:07:06
scanning jobs ...
scanning processes ...
scanning threads ...
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
scanning modules in svchost.exe...
Spliced function NtQueryInformationProcess fixed in ntdll.dll module of process
with PID 1512
Spliced function NetpwPathCanonicalize fixed in netapi32.dll module of process w
ith PID 1512
Spliced function NtQueryInformationProcess fixed in ntdll.dll module of process
with PID 1732
Spliced function DnsQuery_A fixed in dnsapi.dll module of process with PID 1732
Spliced function DnsQuery_UTF8 fixed in dnsapi.dll module of process with PID 17
32
Spliced function DnsQuery_W fixed in dnsapi.dll module of process with PID 1732
Spliced function Query_Main fixed in dnsapi.dll module of process with PID 1732
scanning modules in services.exe...
scanning modules in explorer.exe...
scanning C:\WINDOWS\system32 ...
C:\WINDOWS\system32\wqhvio.dll infected Net-Worm.Win32.Kido ... cured
scanning C:\Program Files\Internet Explorer\ ...
scanning C:\Program Files\Movie Maker\ ...
scanning C:\Program Files\Windows Media Player\ ...
scanning C:\Program Files\Windows NT\ ...
scanning C:\Documents and Settings\Admin\Application Data ...
scanning C:\DOCUME~1\Admin\LOCALS~1\Temp\ ...
scanning Flash drives ...
scanning E:\ ...
E:\autorun.inf infected Net-Worm.Win32.Kido ... cured
E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx infected
Net-Worm.Win32.Kido ... cured
completed
Infected jobs: 0
Infected files: 3
Infected threads: 195
Spliced functions: 7
Cured files: 3
Fixed registry keys: 2
Для продолжения нажмите любую клавишу . . .
Просканировал опять, ибо не мог зайти на этот форум.
Я 2 ветки там прошел - ничего не нашел именно подобного - а потратил целый час, работу работать надо(
version 3.4.13 Oct 21 2009 18:07:06
scanning jobs ...
scanning processes ...
scanning threads ...
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
Infected thread was killed in process svchost.exe with PID 1512
scanning modules in svchost.exe...
Spliced function NtQueryInformationProcess fixed in ntdll.dll module of process
with PID 1512
Spliced function NetpwPathCanonicalize fixed in netapi32.dll module of process w
ith PID 1512
Spliced function NtQueryInformationProcess fixed in ntdll.dll module of process
with PID 1732
Spliced function DnsQuery_A fixed in dnsapi.dll module of process with PID 1732
Spliced function DnsQuery_UTF8 fixed in dnsapi.dll module of process with PID 17
32
Spliced function DnsQuery_W fixed in dnsapi.dll module of process with PID 1732
Spliced function Query_Main fixed in dnsapi.dll module of process with PID 1732
scanning modules in services.exe...
scanning modules in explorer.exe...
scanning C:\WINDOWS\system32 ...
C:\WINDOWS\system32\wqhvio.dll infected Net-Worm.Win32.Kido ... cured
scanning C:\Program Files\Internet Explorer\ ...
scanning C:\Program Files\Movie Maker\ ...
scanning C:\Program Files\Windows Media Player\ ...
scanning C:\Program Files\Windows NT\ ...
scanning C:\Documents and Settings\Admin\Application Data ...
scanning C:\DOCUME~1\Admin\LOCALS~1\Temp\ ...
scanning Flash drives ...
scanning E:\ ...
E:\autorun.inf infected Net-Worm.Win32.Kido ... cured
E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx infected
Net-Worm.Win32.Kido ... cured
completed
Infected jobs: 0
Infected files: 3
Infected threads: 195
Spliced functions: 7
Cured files: 3
Fixed registry keys: 2
Для продолжения нажмите любую клавишу . . .
Просканировал опять, ибо не мог зайти на этот форум.
Я 2 ветки там прошел - ничего не нашел именно подобного - а потратил целый час, работу работать надо(
http://forum.kaspersky.com/index.php?showtopic=115253
Po4emuto na russkiy ne pereklyu4aetsya - no ya uzhe zavtra po4itayu
Po4emuto na russkiy ne pereklyu4aetsya - no ya uzhe zavtra po4itayu
2Ranger13
Обновить версию АВ.
Устроить оффлайн проверку самым свежаком.
Обновить версию АВ.
Устроить оффлайн проверку самым свежаком.
Установил 6.0.4 - обновил проверил ВСЕ. Ничего не нашлось. Файл до сих пор регулярно появляется
Удалено вирус Net-Worm.Win32.Kido.ih C:\WINDOWS\system32\wqhvio.yzm 29.10.2009 19:58:24
Удалено вирус Net-Worm.Win32.Kido.ih C:\WINDOWS\system32\wqhvio.yzm 29.10.2009 19:58:24
Скачайте GMER по одной из указанных ссылок:
Gmer со случайным именем (рекомендуется), Gmer в zip-архиве (перед применением распаковать в отдельную папку)
- Запустите программу (пользователям Vista запускать от имени Администратора по правой кнопке мыши).
Начнется экспресс-проверка. При появлении окна с сообщением о деятельности руткита, нажмите No.
После завершения экспресс-проверки в правой части окна программы уберите метку со следующих пунктов:
- Нажмите на кнопку Scan и дождитесь окончания проверки. При появлении окна с сообщением о деятельности руткита, нажмите OK.
После окончания проверки сохраните его лог (нажмите на кнопку Save) и вложите в сообщение.
Gmer со случайным именем (рекомендуется), Gmer в zip-архиве (перед применением распаковать в отдельную папку)
- Запустите программу (пользователям Vista запускать от имени Администратора по правой кнопке мыши).
Начнется экспресс-проверка. При появлении окна с сообщением о деятельности руткита, нажмите No.
После завершения экспресс-проверки в правой части окна программы уберите метку со следующих пунктов:
- Sections
- IAT/EAT
- Show all
- Нажмите на кнопку Scan и дождитесь окончания проверки. При появлении окна с сообщением о деятельности руткита, нажмите OK.
После окончания проверки сохраните его лог (нажмите на кнопку Save) и вложите в сообщение.
Действую по инструкции ( http://forum.kaspersky.com/index.php?showtopic=68668 )и сразу наткнулся на
"Перед выполнением инструкции обязательно отключите функцию восстановления системы"
У меня XP SP3 - Но нет такой вкладки.
"Перед выполнением инструкции обязательно отключите функцию восстановления системы"
У меня XP SP3 - Но нет такой вкладки.
Пропустите и выполняйте правила дальше.
вот
В логе чисто. Компьютер в локалке? Если да, то вполне возможно она лезет из сети.
Компьютер в локалке только с 1 компом.
Но есть большая локалка - внутрисеть провайдера 2к+ компов.
Что посоветуете? КИС?
Но есть большая локалка - внутрисеть провайдера 2к+ компов.
Что посоветуете? КИС?
Логов после выполнения стандартных правил раздела http://forum.kaspersky.com/index.php?showtopic=68668 от Вас так и не увидели. Сделайте их
Следующий чуть попозже.
В логах чисто.
Файл перестал создаваться и антивирус перестал кричать, когда я сам создал такой же файл там и поставил только для чтения.
Ну вроде норм.
Ну вроде норм.
давайте еще посмотрим на уязвимости вашей системы
Выполните в AVZ скрипт из файла ScanVuln.txt и приложите к этой теме файл c:\avz_log.txt
Выполните в AVZ скрипт из файла ScanVuln.txt и приложите к этой теме файл c:\avz_log.txt
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.