Utility to remove the worm Net-Worm.Win32.Kido - KK 3.4
Uploaded: 11.10.2009
Content: kk.zip 154,01 kB
Product description
The tool is designed to disinfect computers infected with the network worm Net-Worm.Win32.Kido (information from the program's website).
Additional information
Symptoms of the infection in the network
# If there are infected computers on the local network, the volume of network traffic increases, because a network attack is launched from these computers.
# Antivirus applications with an active firewall report the attack Intrusion.Win.NETAPI.buffer-overflow.exploit.
# It is impossible to access the websites of most antivirus companies, for example, avira, avast, esafe, drweb, eset, nod32, f-secure, panda, kaspersky, etc.
# An attempt to activate Kaspersky Anti-Virus or Kaspersky Internet Security with an activation code on a computer infected with the network worm Net-Worm.Win32.Kido may fail with one of the following errors: Activation error. Activation procedure completed with system error 2; Activation error. Unable to connect to server; Activation error. Server name can not be resolved.
Brief description of the Net-Worm.Win32.Kido family
# It creates the files autorun.inf and RECYCLED\{SID<....>}\RANDOM_NAME.vmx on removable media (sometimes on public network shares).
# The worm is stored in the system as a DLL file with a random name composed of letters, for example c:\windows\system32\zorizr.dll
# It registers itself as a service, also with a random name composed of letters, for example knqdgsm.
# It tries to attack network computers via TCP port 445 or 139, using the Windows vulnerability MS08-067.
# It contacts the following sites (we recommend configuring a network firewall rule to monitor requests to them): http://www.getmyip.org, http://getmyip.co.uk, http://www.whatsmyipaddress.com, http://www.whatismyip.org, http://checkip.dyndns.org
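The monitoring recommended above can be combined with the traffic symptom (one host contacting many others on TCP 445/139). The following is an added example, not part of the utility or the original description; the log format, the sample lines and the fan-out threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Hostnames the description lists as contacted by the worm.
IP_CHECK_HOSTS = {
    "www.getmyip.org", "getmyip.co.uk", "www.whatsmyipaddress.com",
    "www.whatismyip.org", "checkip.dyndns.org",
}
SMB_PORTS = {139, 445}
FANOUT_THRESHOLD = 3  # assumed value for this small sample; tune per network

# Constructed sample in an assumed format: "time kind src target [port]"
SAMPLE_LOG = """\
10:00:01 DNS 10.0.0.15 checkip.dyndns.org
10:00:02 TCP 10.0.0.15 10.0.0.21 445
10:00:02 TCP 10.0.0.15 10.0.0.22 445
10:00:03 TCP 10.0.0.15 10.0.0.23 139
10:00:04 TCP 10.0.0.15 10.0.0.24 445
10:00:05 TCP 10.0.0.30 10.0.0.5 445
10:00:06 DNS 10.0.0.30 www.example.com
10:00:07 DNS 10.0.0.40 WWW.WhatIsMyIP.org.
10:00:08 garbage line
"""

def find_suspects(log_text, threshold=FANOUT_THRESHOLD):
    """Return {source_ip: [reasons]} for hosts matching the listed indicators."""
    smb_targets = defaultdict(set)   # source -> distinct hosts reached on 139/445
    lookups = defaultdict(set)       # source -> listed IP-check names it resolved
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1] == "DNS":
            name = parts[3].rstrip(".").lower()  # normalise case and trailing dot
            if name in IP_CHECK_HOSTS:
                lookups[parts[2]].add(name)
        elif len(parts) == 5 and parts[1] == "TCP" and parts[4].isdigit():
            if int(parts[4]) in SMB_PORTS:
                smb_targets[parts[2]].add(parts[3])
    suspects = {}
    for src in set(lookups) | set(smb_targets):
        reasons = []
        if lookups[src]:  # weak on its own: these are ordinary public sites
            reasons.append("ip-check lookup: " + ", ".join(sorted(lookups[src])))
        if len(smb_targets[src]) >= threshold:
            reasons.append(f"SMB fan-out to {len(smb_targets[src])} hosts")
        if reasons:
            suspects[src] = reasons
    return suspects

if __name__ == "__main__":
    for host, why in sorted(find_suspects(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(why))
```

A host that shows both indicators, like 10.0.0.15 in the sample, is the one to check first with the removal utility.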
Removal methods
The worm is removed using the special utility kk.exe.
Warning! To protect against infection, the following set of measures must be carried out on all workstations and servers in the network:
# Install the patches that cover the vulnerabilities MS08-067 (http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx), MS08-068 (http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx), MS09-001 (http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx).
# Make sure that the local administrator account password is resistant to cracking: the password must contain at least six characters, using mixed case and/or digits. Or change the previously set local administrator password.
# Disable autorun of executable files from removable media.
# Block access to TCP ports 445 and 139 using a firewall.
The kk.exe worm removal utility can be run locally on the infected computer or centrally, if Kaspersky Administration Kit is deployed on the network.