My Windows XP PRO SP3 was infected by Kido.

**edersonsantos** · 09.05.2009, 06:34

My Windows XP PRO SP3 was infected by Kido. But I don't know is infected by other virus?!? Can you help me?

**drongo** · 09.05.2009, 15:03

You should make log in normal mode, not in the safe mode like you did.
Please read carefully: http://virusinfo.info/showthread.php?t=9184

**Rene-gad** · 09.05.2009, 15:10

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual Cure

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 StopService('fqigke');
 StopService('catchme');
 StopService('Pl1080nipoce');
 QuarantineFile('C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys','');
 QuarantineFile('Pl1080nipoce.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\xjncfjv.sys','');
 DeleteFile('C:\WINDOWS\system32\drivers\xjncfjv.sys');
 DeleteFile('C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys');
 DeleteFile('Pl1080nipoce.sys');
 DeleteFile('C:\WINDOWS\system32\drivers\Pl1080nipoce.sys');
 DeleteService('Pl1080nipoce');
 DeleteService('fqigke');
 DeleteService('catchme');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('Pl1080nipoce');
BC_DeleteSvc('fqigke');
BC_DeleteSvc('catchme');
ExecuteRepair(6);
ExecuteRepair(9);
BC_Activate;
RebootWindows(true);
end.

After reboot execute following script in Manual Cure

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file in normal mode.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Attach a log to your new post..

**edersonsantos** · 09.05.2009, 20:42

Сообщение от drongo

You should make log in normal mode

Thanks for your instructions. I know, but my pc isn't start in normal mode. Any other idea?

**edersonsantos** · 10.05.2009, 07:08

Finally, logs in normal mode.

**Rene-gad** · 10.05.2009, 11:59

-Fix with Hijackthis

Код:

O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

Nothing suspicious more. Is your problem solved?

**edersonsantos** · 13.05.2009, 00:07

No, is not. The pc present this situation follow:

1. After scan, Hijackthis is closed, automatically;
2. Sometimes, logon is locked in blue screen - no response mouse or keyboard, but I see activity in the hd;
3. Combofix offer memory error with blue screen.

Thatґs all.

**Rene-gad** · 13.05.2009, 10:16

Сообщение от edersonsantos

3. Combofix offer memory error with blue screen.

Is any usefull information on BSOD present?
Execute the script

Код:

begin
SetAVZPMStatus(True);
RebootWindows(true);
end.

and make new logs. If you'll not able to generate any log - make the next one.

My Windows XP PRO SP3 was infected by Kido.

Опции темы

My Windows XP PRO SP3 was infected by Kido.

Похожие темы

My Windows XP Pro machine was infected

Probably virus infected Windows XP Pro

Infected: virus Net-Worm.Win32.Kido.ih

net-worm.win32.kido.ih infected

Every time i have put a new windows in the few days and another antivirus i always was infected

Метки для этой темы

Ваши права в разделе