Net-Worm.Win32.Kido.ih spreads mainly via local networks and removable storage media. This Win32.kido worm copies itself automatically to remote computers by creating temporary files with random extension. Follow the steps and tools given below to remove Net-Worm.Win32.Kido.ihworm/ rootkit completely.
More details of this Win32.Kido.ih Worm
The program itself is a Windows PE DLL file and unlike other worms it’s size could vary from 155KB to 165KB. Also this rootkit is packed using UPX.
How to locate this worm ?
Check the following windows location, where the worm automatically copies its exe files with random names.
%Program Files%Internet Explorer<random>.dll
%Program Files%Movie Maker<random>.dll
%All Users Application Data%<random>.dll
Removal of NetWorm-Win32-Kido.ih
You can use the free rootkit removal tools listed in our RootKit Removal article for removing this worm completely or follow the manual steps below.
Manual steps for removing NetWorm Win32.Kido.ih Worm
Delete the registry key from
Delete “%System%<random>.dll” from system registry key value shown below:
Reboot the system.
Delete the original worm file and it’s copies from the windows location show before.
Delete autorun files and .exe files located in removable storage [usb flash/pen drives]