The same old question…
How do i F*****G remove a virus that keeps popping on?
I found that i am infected with KIDO and it is a real pain!
I can make my antivirus update and explorer/mozilla can connect to A.V. sites by closing a svchost.exe from local service!
This will eventually turn himself on so you better move quickly!
Avast DOSE NOT FIND IT!
So my only hope was avast and spyware doctor or dr. web!
Since all failed i mite ask for professional help in stead!
Please answer ASAP!
I am currently making a file recovery from a badly broken hard drive that gave me around 300 surprises and keep counting… (malware trojans and bad sectors from it i mean)
Bad sectors were around 5.000 in 20. gb of data in the C:\ drive and 200/300 in the D:\ in 130 gb. of data!
Hard drive is western digital 160 gb.
The worst is not over!
VIRUT32 was on too but i managed him fast with dr. web live cd in 4 days!
still in sistem volume information is hidden here a part of virut and cannot be deleted >:(!
P.S. cannot make hidden files visible AT ALL! mabie is another virus there!
Please tell me a solution to my problem!
Oh forgot about this error!:
Entry Point Not Found
The procedure entry point_except_handler4_common could not be located in the dynamic link library msvcrt.dll
This OS is brand new installed and it gave me a real pain doing it 6 times in 1 day!
Thanks, DarK-Wisper
Thankyou i will try all of theese methods but for virut i strongly recommand Dr. Web live Cd!
It is a isolinux scanner and a verry strong one ;D!
Have a nice day!
Regards, DarK-Wisper.
P.S. i am going to let you know if it done some help!
Nothing you gave me worked
Nothing was found!
My comp. works slow and my internet is really slow!
I usually download from my utorrent tracker with minimum 2 mb/sec and 5 normally 7 is with many seeders and max was 36mb/sec !
So my internet provider is a good one!
My computer freezes sometimes and it really pisses me off! I have to restart the computer from the button or else it takes ages to recover!
HELP!!
Another thing!
I mite have KIDO.IT not the regular KIDO!
I am not sure!!! ???
I allmost fell asleep while reading that post…
I use AVAST and Spyware doctor!
In some cases i use Dr Web CureIt or/and Dr Web Live CD (as a last resort)
It is not my case if you dont like what we wrote "the information is good and yes,have some advanced things"
in general may i include some girls photos so you will not sleep,putting some flash will be good,and the 1000000 user message will be good too.
but you dont tell me,are you starting generating reports or not?
If the read from spyhacker is too technical, go to the nitty gritty and try this manual cleansing:
Make a copy of the registry first to return to in case of an error!
Step 1 : Use Registry Editor to Remove Kido Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the “OK” button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete “Kido” value, right-click on it and select the “Delete” option.
Locate and delete “Kido” registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHO WALLCheckedValue = dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services{random}"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services{random}\Parameters"ServiceDll" = “[PATH OF WORM]”
Step 2 : Use Windows Command Prompt to Unregister Kido DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the “OK” button.
Type “cd” in order to change the current directory, press the “space” button, enter the full path to where you believe the Kido DLL file is located and press the “Enter” button on your keyboard. If you don’t know where Kido DLL file is located, use the “dir” command to display the directory’s contents.
To unregister “Kido” DLL file, type in the exact directory path + “regsvr32 /u” + [DLL_NAME] (for example, :C\Spyware-folder> regsvr32 /u Kido.dll) and press the “Enter” button. A message will pop up that says you successfully unregistered the file.
Search and unregister “Kido” DLL files:
%All Users Application Data%[RANDOM FILE NAME].dll
%Program Files%\Movie Maker[RANDOM FILE NAME].dll
%Program Files%\Internet Explorer[RANDOM FILE NAME].dll
%Temp%[RANDOM FILE NAME].dll
%System%[RANDOM FILE NAME].dll
Step 3 : Detect and Delete Other Kido Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the “OK” button.
Type in “dir /A name_of_the_folder” (for example, C:\Spyware-folder), which will display the folder’s content even the hidden files.
To change directory, type in “cd name_of_the_folder”.
Once you have the file you’re looking for type in “del name_of_the_file”.
To delete a file in folder, type in “del name_of_the_file”.
To delete the entire folder, type in “rmdir /S name_of_the_folder”.
Select the “Kido” process and click on the “End Process” button to kill it.
Remove the “Kido” processes files:
%Temp%[Random].tmp
%System%[Random].tmp
%All Users Application Data%[RANDOM FILE NAME].dll
%Program Files%\Movie Maker[RANDOM FILE NAME].dll
%Program Files%\Internet Explorer[RANDOM FILE NAME].dll
%Temp%[RANDOM FILE NAME].dll
%System%[RANDOM FILE NAME].dll
I wouldn't go with "[url=http://mvp.support.microsoft.com/]MVP[/url]". Unless you are certified as such. Might cause confusion.
How about "Antihacker"?
Being MVP is good but i dont think they will give it to a syrian guy"i really suffer in source forge now coz of the american rules thet prevent us from some projects,but at the end they lose not me"
How about "Antihacker"?
i wont be traitor for the white hackers community ;),but thank you
Superhacker sorry to insult your work but it was 3 AM. when i was reading that… u make the connections why i almost fell asleep.
That was really useful! i read 25% and when i scrooled down i saw it was too huge data to understand at that time…
and what did u mean about
but you dont tell me,are you starting generating reports or not?
Didn't catch that... sorry!
I am not a pro in virus removing!
1 more thing guys is it really possible that i might not have KIDO at all?
My internet connection is perfect 42 mb/second at my last test without this "net worm" and now more than 6 mb/second max it gives me the results!
My utorrent works slowly, my browser moves slowly, my pc freezes sometimes...
Any program out there to make a diagnostic?
POLONUS
In
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
Here is what i have there!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
3 things:
Default
AuthenticationCapabilities
CoInitializeSecurityParam
here is what i have:
NOHIDDEN -folder
SHOWALL -folder
These are folders that have almost the same things inside!
I searched in regedit for servicedll
and found
%SystemRoot%\System32\6to4svc.dll
in it!
What is it?
And for imagepath i searched and found this in it:
system32\DRIVERS\ACPI.sys
No random files were found in the computer!
Other explinations whi my computer works like s*!t ?
thanks in advance!
Sorry dark-wisper,me too i was tired and angry a little
and i mean to use the tools that i name under the Overall system analyzer like eset sysinspector ,auto runs,…
if you can give them we will be really able to help you.
Dude malwarebytes has found 80 infected files that are fake positive!
Rogue.foxie is the tool i use to clean my pc from junk files and scan for registry viruses!
It can’t be a virus!
Trend micro system cleaner i am using to scan for Worm_download to see if i am infected with this one!
cya tomorrow… it’s 2 am here and it’s really LATE! And i am tired :-\
Edit:
Malwarebytes' Anti-Malware 1.44
Database version: 3743
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )
