Kaspersky Tool

Symptoms of network infection.
1. Network traffic volume increases if there are infected PCs in the network, because the network attack originates from these PCs.

2. An anti-virus product with its Intrusion Detection System enabled reports the attack Intrusion.Win.NETAPI.buffer-overflow.exploit

3. It is impossible to access websites of the majority of anti-virus companies, e.g. avira, avast, esafe, drweb, eset, nod32, f-secure, panda, kaspersky, etc.

4. An attempt to activate Kaspersky Anti-Virus or Kaspersky Internet Security with an activation code on a computer infected with the Net-Worm.Win32.Kido network worm may terminate abnormally with one of the following errors:

  • Activation procedure completed with system error 2.
  • Activation error: Server name cannot be resolved.
  • Activation error. Unable to connect to server.

Methods of disinfection.

A special utility KK.exe should be used to remove this worm. MS Windows 95/MS Windows 98/MS Windows ME operating systems can’t be infected with this network worm.

To prevent all workstations and file servers from being infected with the worm, you are recommended to do the following:

    • Install the patches from Microsoft that cover the vulnerabilities MS08-067, MS08-068, MS09-001 (on these pages you will have to select which operating system is installed on the infected PC, download the corresponding patch and install it).
    • Make sure the password of the local administrator account is not obvious and cannot be hacked easily – the password should contain 6 letters minimum; use a mixture of uppercase and lowercase, numbers and non-alphanumeric characters such as punctuation marks.
    • Disable autorun of executable files from removable drives by launching the KK.exe utility with the -a switch.
      For Windows XP/Server OS: Start – Run – type kk.exe -a – click OK
      For Windows Vista OS: Start – All Programs – Accessories – Run – type kk.exe -a – click OK
    • Block access to TCP ports 445 and 139 using a firewall. You need to block these ports only while you perform the disinfection. As soon as you have the entire network disinfected, feel free to unblock the ports.

The utility KK.exe can be run locally on the infected PC, or remotely with the help of Kaspersky Administration Kit.

Starting with version 3.4.6, the KK.exe utility returns the following codes (%errorlevel%):
3 - Malicious threads were found and killed (worm was active).
2 - Malicious files were found and deleted (worm was inactive).
1 - Malicious scheduler jobs or function hooks were detected (this PC is not infected but the network might contain infected PCs – administrator should address this issue).
0 - Nothing found.
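
The return codes above can be captured by a wrapper when the utility is deployed to many PCs. The batch file below is an added example, not part of the original article or of the KK.exe package; the folder layout, the log file name and the wrapper's own exit code 9 are assumptions.

```batch
@echo off
rem Added example: run KK.exe unattended and log its documented return code.
rem Assumptions: KK.exe sits next to this script; kk-results.log is a made-up name.
setlocal
set "KK_DIR=%~dp0"
set "LOG=%~dp0kk-results.log"

if not exist "%KK_DIR%KK.exe" goto missing

rem -y closes the command prompt window automatically, so the run does not
rem wait for a key press.
"%KK_DIR%KK.exe" -y
set "RC=%errorlevel%"

rem Codes documented for KK.exe 3.4.6 and later.
set "MSG=undocumented return code"
if "%RC%"=="0" set "MSG=nothing found"
if "%RC%"=="1" set "MSG=scheduler jobs or function hooks detected - look for infected PCs on the network"
if "%RC%"=="2" set "MSG=malicious files found and deleted - worm was inactive"
if "%RC%"=="3" set "MSG=malicious threads found and killed - worm was active"

rem Redirection is written first so the trailing text is never parsed as a handle.
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% rc=%RC% %MSG%

rem Pass the code on so a deployment tool can filter hosts by result.
exit /b %RC%

:missing
echo KK.exe not found in "%KK_DIR%"
rem 9 is this wrapper's own code (assumption), chosen outside the documented 0-3 range.
exit /b 9
```

Hosts that log rc=2 or rc=3 still need the full anti-virus scan described in the local removal steps, and rc=1 points to an infected PC elsewhere on the network.
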

To remove the virus locally:
1. Download the archive KK_v3.4.7.zip and extract the contents into a folder on the infected PC.

2. Run file KK.exe

If you run the KK.exe file without any switches, the utility will put a stop to active infection (kill threads and remove hooks), perform a memory scan and a scan of critical areas vulnerable to infection, and clean the registry.

When the scan is over, an active command prompt window may be displayed on your monitor; to minimize the window, press any key. To have the command prompt window close automatically, it is recommended to run the KK.exe utility with the -y parameter.

3. Wait until the scan is complete.

If Agnitum Outpost Firewall is installed on the computer where the KK.exe utility is launched, it is obligatory to restart the PC once the utility has finished.

4. Perform a full scan of your computer with your Kaspersky Anti-Virus.

To get additional information about the utility, run KK.exe with the additional parameter -help.

In a domain network it is important to disinfect first the domains and the computers with logged-on users from the “Administrators” and “Domain Admins” groups in the domain. Otherwise disinfection will be pointless – all PCs within the domain will keep getting infected every 15 minutes.

KK.exe -r -y -a -z -x
McAfee
Download McAfee Stinger from the website http://vil.nai.com/vil/stinger/ or http://download.nai.com/products/mcafee-avert/stinger1001546.exe