How to Remove NetWorm-Win32-Kido.ih Worm Completely

by renjith on October 29, 2009 · 0 comments

in Rootkit Removal, security, Virus Removal

remove Win32.Kido.ih-computer-virus Net-Worm.Win32.Kido.ih spreads mainly via local networks and removable storage media. This Win32.kido worm copies itself automatically to remote computers by creating temporary files with random extension. Follow the steps and tools given below to remove Net-Worm.Win32.Kido.ihworm/ rootkit completely.


More details of this Win32.Kido.ih Worm

The program itself is a Windows PE DLL file and unlike other worms it’s size could vary from 155KB to 165KB. Also this rootkit is packed using UPX.

How to locate this worm ?

Check the following windows location, where the worm automatically copies its exe files with random names.

%System%<random>dir.dll%Program Files%Internet Explorer<random>.dll %Program Files%Movie Maker<random>.dll %All Users Application Data%<random>.dll %Temp%<random>.dll %System%<random>tmp %Temp%<random>.tmp

Removal of NetWorm-Win32-Kido.ih

You can use the free rootkit removal tools listed in our RootKit Removal article for removing this worm completely or follow the manual steps below.

Manual steps for removing NetWorm Win32.Kido.ih Worm

Delete the registry key from 

[HKLMSYSTEMCurrentControlSetServicesnetsvcs]

Delete “%System%<random>.dll” from system registry key value shown below: 

[HKLMSOFTWAREMicrosoftWindows NTCurrentVersionSvcHost]"netsvcs"

Reboot the system.

Delete the original worm file and it’s copies from the windows location show before.

Delete autorun files and .exe files located in removable storage [usb flash/pen drives]

<K>:autorun.inf

<K>:RECYCLERS-<%d%>-<%d%>-%d%>-%d%>-%d%>-%d%>-%d%><random>.vmx

Update your current antivirus databases and perform a full scan of the computer to remove NetWorm Win32.Kido.ih (or you can download latest Kaspersky AntiVirus 2010 or Norton Antivirus 2009 for fee).

Be Sociable, Share!

Related posts:

  1. How To Completely Remove McAfee Antivirus and Internet security
  2. How to delete Khatra.exe ,gHost.exe, Xplorer.exe Virus [Win32.Sality Removal Tool]
  3. Orkut banned by a virus!! (Removal included)
  4. Best Rootkit Removal Tools For Free
  5. How To Remove Nokia/Sony Ericsson Browser Icon From My Computer
  6. Orkut Server Errors and Vulnerabilities
  7. Recycler Virus Removal Tool Disinfects PC/ USB from Recycler.exe

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: