Utility to remove the worm Net-Worm.Win32.Kido - KK 3.4

The sale of this product is suspended.

Try to search similar items from other sellers.

Sold: 0
Uploaded: 11.10.2009
Content: kk.zip 154,01 kB

Product description


The tool is designed to treat a computer worm infected network Net-Worm.Win32.Kido (information from the website program)

Additional information

The tool is designed to treat a computer worm infected network Net-Worm.Win32.Kido (information from the website program)


Symptoms of the infection in the network
# If there zarazhnnyh computers in the local network increases the amount of network traffic, as with these computer network attack starts.
# Antivirus applications with an active firewall reports about the attack Intrusion.Win.NETAPI.buffer-ov erflow.exploit.
# It is impossible to access websites of the majority of antivirus companies, for example, avira, avast, esafe, drweb, eset, nod32, f-secure, panda, kaspersky, etc.
# An attempt to activate Kaspersky Anti-Virus or Kaspersky Internet Security with an activation code at a computer infected network worm Net-Worm.Win32.Kido, may fail and either of the errors: Activation error. Activation procedure completed with system error 2; Activation error. Unable to connect to server; Activation error. Server name can not be resolved.

Brief description of the family of Net-Worm.Win32.Kido. </ P>
# Creates a removable media (sometimes on public network shares) files autorun.inf and RECYCLED {SID <....>} RANDO M_NAME.vmx
# The system is stored in the form of a worm dll-file with a random name composed of letters, for example c: windowssystem32zorizr.dll
# It registers itself in services - also with a random name composed of letters, for example knqdgsm.
# It tries to attack network computers via 445 or 139 TCP port, using a vulnerability in the operating system Windows MS08-067.
# Refer to the following sites (we recommend configuring a network firewall rule to monitor treatment to them): http://www.getmyip.org, http://getmyip.co.uk, http://www.whatsmyipaddress.co m, http : //www.whatismyip.org, http://checkip.dyndns.org

Methods for removing
Removing the worm is produced using a special utility kk.exe.
Warning! For the purpose of protection from infection at all workstations and servers in the network is necessary to hold the next set of measures:
# Install the patch that covers the vulnerability MS08-067 (http://www.microsoft.com/tech net / security / bulletin / MS08-067 .mspx), MS08-068 (http://www.microsoft.com/tech net / security / bulletin / ms08-068 .mspx), MS09-001 (http://www.microsoft.com/tech net / security / bulletin / ms09-001 .mspx).
# Make sure that the password is the local administrator account is resistant to cracking - The password must contain at least six characters, with different registers and / or numbers. Either change the previously set the local administrator password.
# Disable autorun of executable files from removable media.
# Block access to TCP-ports 445 and 139 using a network screen.

Removing the worm kk.exe utility can be run locally on the infected computer or centrally, if the network is deployed set of Kaspersky Administration Kit.

Feedback

0
Period
1 month 3 months 12 months
0 0 0
0 0 0
In order to counter copyright infringement and property rights, we ask you to immediately inform us at support@plati.market the fact of such violations and to provide us with reliable information confirming your copyrights or rights of ownership. Email must contain your contact information (name, phone number, etc.)

This website uses cookies to provide a more effective user experience. See our Cookie policy for details.