shinoykurian

Kido removal


Hi,

I have some Kido.ih virus detected in my USB flash drive, which Kaspersky is unable to clean/disinfect. Please help.

OS: Vista Home Premium, SP2 / KAV 2009.

I am attaching the sysinfo.zip.

19/07/09 20:05:51 File K:\ autorun.inf Postponed

19/07/09 20:16:13 File K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx/PE_Patch.UPX/ UPX Postponed

sysinfo.zip


Hello,

With the stick inserted, run this script:

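begin
  // Turn on AVZGuard so running malware cannot interfere with the cleanup
  SetAVZGuardStatus(True);
  // Look for rootkit hooks and neutralize them
  SearchRootkit(true, true);
  // Copy each file to quarantine, then delete it from the stick
  QuarantineFile('K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx','');
  DeleteFile('K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx');
  QuarantineFile('K:\ autorun.inf','');
  DeleteFile('K:\ autorun.inf');
  // Hand the deleted-file list to Boot Cleaner
  BC_ImportDeletedList;
  // Clean up system references to the deleted files
  ExecuteSysClean;
  // Activate Boot Cleaner so it runs at the next boot
  BC_Activate;
  // Reboot to finish the cleanup
  RebootWindows(true);
end.

Instructions: http://forum.kaspersky.com/index.php?showt...st&p=678328

And do another scan after the reboot.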


Hi,

I have executed the script as it is, but only one infection was cleaned; the other is still there - the autorun.inf was not deleted.

Please help.

Thank you.

Shinoy.


Thanks Mr Lucian Bara,

It is fine. There was an unwanted space in this K: \autorun.inf; when I removed that, it got deleted.

Thank you.

Shinoy.
