Sunday, March 21, 2010

Net-Worm.Win32.Kido virus Remover

If you are connected with a network and if any PC in the network attacked with Win32.Kido virus, sometimes your Kaspersky Internet security notifies you this message, “Intrusion.Win.NETAPI.buffer-overflow.exploit! Attacker IP address: xxx.xxx.xxx.xxx. Protocol/service: TCP on local port 445.” and access to that computer is blocked.

The name of this virus is “Net-Worm.Win32.Kido” virus. When a PC attacked with this virus, it tries to access other PCs through network at port 445.

Methods of disinfection:

To remove this virus from the attacked PC, just follow the following steps:

* Download and install the patch from Microsoft that covers the vulnerability

http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx

* Restart the PC.

* Download the archive KK_v3.4.6.zip and extract the contents into a folder on the infected PC.
Download : http://data2.kaspersky.com:8080/special/KK_v3.4.6.zip


* Then run KK.exe.

* Wait until the scan is complete.

* At last restart the PC.

Remember that, showing the message “Intrusion.Win.NETAPI.buffer-overflow.exploit” is not the problem of that PC, rather it is the problem of another PC on the network.

No comments: