[cmdbanzai]

hey guys,

i have a virus called win32.worm.kido.k it blocks my computer from accessing the internet.
any idea how to remove it.

thanks in advance

[Advertisements]

Hi

Welcome to Geekstogo. I'm Azarl and I'll be helping you. Please be patient, I'm still in training so my actions need to be checked before I reply to you.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarifiation.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you

[azarl]

Hi

Welcome to Geekstogo. I'm Azarl and I'll be helping you. Please be patient, I'm still in training so my actions need to be checked before I reply to you.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarifiation.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you

[azarl]

Hi cmdbanzai

I need some more information before I can help you

Step 1
RootRepeal
Rootkits can generally be removed effectively, but they need to be removed before other malware can be cleaned, and they sometimes interfere with some of the tools we use

• Download RootRepeal.
• Double click RootRepeal.exe to start the program
• Click on the Report tab at the bottom of the program window
• Click the Scan button
• In the Select Scan dialog, check:
  
  • Drivers
  • Processes
  • SSDT
  • Hidden Services
• Click the OK button
• In the next dialog, select all drives showing
• Click OK to start the scan
  Note: The scan should not take very long. DO NOT run any other programs while the scan is running
• When the scan is complete, the Save Report button will become available
• Click this and save the report to your Desktop as RootRepeal.txt
• Go to File, then Exit to close the program

Step 2
OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

• Download OTL to your Desktop
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in:
  
  

  
  %systemroot%\*. /s /r
  netsvcs
  %SYSTEMDRIVE%\*.exe
  %systemroot%\system32\eventlog.dll
  %systemroot%\system32\scecli.dll
  %systemroot%\netlogon.dll
  %systemroot%\system32\cngaudit.dll
  %systemroot%\system32\sceclt.dll
  %systemroot%\ntelogon.dll
  %systemroot%\system32\logevent.dll

  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Next Step...
Please post the RootRepeal and both OTL logs in your reply