Kido new

Viruses and worms
1

I have a problem with knew version of Kido virus. Its blocked sites avast.com, kaspersky.com, microsoft.com, etc... Blocked by loopback the dns query. Kidokill wont help. Non avast, nor kaspersky won`t found this virus. DrWEB found only one .dll file with reason win32.HHL.Shadow, but this is only a part of the virus, and after deleting this file virus still works. Who knows, how delete this *** virus?

P.S. Sorry for my English, too few practice last time^(
P.P.S. Avast antivirus wont find autotun.inf virus. File 95036 bites. DrWEB finds this file like win32.worm (thats all information) but delete it. Urgently need bases update... Wont found too many viruses^(

2

Hi SadCat,

I would boot into safe mode and try a full scan with Malwarebytes or SuperantiSpyware.

MBAM: http://www.malwarebytes.org/mbam-download.php

SAS: http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe

Good luck!

Avastfan1

3

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.
4

You can go to virustotal.com and send the files and let us know the result if its a virus then you should simply go to chest then add + email to alwil software and let them to search for virus on this file

Have fun

Mr.Agent

5

MBAM didnt find anything. Kaspersky with last bases found it and delete. NetWorm.Win32.Kido.h. autorun.inf file and its clone in /restore information directory.