If you are connected with a network and if any PC in the network attacked with Win32.Kido virus, sometimes your Kaspersky Internet security notifies you this message, “Intrusion.Win.NETAPI.buffer-overflow.exploit! Attacker IP address: xxx.xxx.xxx.xxx. Protocol/service: TCP on local port 445.” and access to that computer is blocked.
The name of this virus is “Net-Worm.Win32.Kido” virus. When a PC attacked with this virus, it tries to access other PCs through network at port 445.
Methods of disinfection:
To remove this virus from the attacked PC, just follow the following steps:
* Download and install the patch from Microsoft that covers the vulnerability
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
* Restart the PC.
* Download the archive KK_v3.4.6.zip and extract the contents into a folder on the infected PC.
Download : http://data2.kaspersky.com:8080/special/KK_v3.4.6.zip
* Then run KK.exe.
* Wait until the scan is complete.
* At last restart the PC.
Remember that, showing the message “Intrusion.Win.NETAPI.buffer-overflow.exploit” is not the problem of that PC, rather it is the problem of another PC on the network.
No comments:
Post a Comment