rramirep@ucsg.edu.ec

Problem with Kido: it gets deleted, but rundll32 processes are created


Hello, my problem is the following: I have Kaspersky Administration Kit 6.0.1710, updated and with all the patches updated as well, including the ones for Kido. On my Server 2003 domain controller I have the antivirus 6.0 for servers, and Kido.ih is present on the network. The problem is not that it fails to identify and remove it when the machine is attacked; it does. But even after deleting it, rundll32.exe processes appear in Task Manager and keep increasing in number. I have already run the antivirus and it detects nothing.

Caos   

Hello,

I recommend that you review the forum rules; they will be a great help to you.

Post all the information requested in them (version and build of the Kaspersky product installed, OS and service pack installed; post your getsysteminfo (GSI), preferably using the new version that you will find at the end of my post (in my signature); post your avzlog so it can be reviewed, etc.) so that we can help you.

Have you checked that Kido is completely eradicated from your network, both from the server and from all the workstations? Do all the workstations have Kaspersky Anti-Virus for Workstations installed? Which version, and which OS? Do you have all the Microsoft patches related to Kido installed? What are the dates of the virus signatures on the workstations and on the server?

Have you run kidoremover on all the machines? Have you followed all the steps indicated here?

Regards

 

Caos   

Also check the latest news about Kido:

http://www.kaspersky.com/news?id=207575766

 

Kaspersky Lab, a leading developer of secure content management systems, has detected a new modification of Kido. This latest variant differs from previous ones in that it extends the Trojan functionality used in earlier versions of the malicious program.

 

Net-Worm.Win32.Kido.ip, Net-Worm.Win32.Kido.iq, and other variants are all representative of this latest modification of Kido, which is capable of preventing antivirus products from functioning effectively on infected machines. The new variant of the malicious program also generates a dramatically increased number of unique domain names which it can contact to download daily updates: 50,000, in contrast to the 250 generated and contacted by previous versions.

 

“So far, the new version of Kido isn’t posing an epidemic threat,” said Vitaly Kamluk, senior antivirus expert. “However, if existing versions of Kido are replaced by the latest variant, this could make life a lot more difficult for those trying to combat the authors of this malicious program.”

 

Kido has Trojan Downloader functionality, which means that it delivers other malicious programs to infected computers. The first Kido infections were detected in November 2008.

 

A record for new Kido variants was added to Kaspersky Lab antivirus databases on Saturday, March 7.

 

Kaspersky Lab recommends again that all users install the relevant operating system security update (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). An antivirus solution with up-to-date signature databases and a properly configured firewall can also prevent infection. Users of Kaspersky Lab antivirus products who have installed the security update released by Microsoft are fully protected from Kido.

Edited by Caos
