Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Kido Virus on Windows 2003 betwork

Status
Not open for further replies.
cooky44

cooky44

MIS
Dec 2, 2010
1
GB
Hi

I am running Kaspersky for Workstations 6.04 and for servers.All updated but the Kido virus has turned up, I have blocked ports 445 and 139, turned Antivirus off, run kidokiller with switches, rescanned and it is still there. All PC's have been updated with the relevant patches for win 2000, xp and all that Microsoft have said and they are still infected - unsure of what to do next.

Thanks in advance

sharon
 
Sort by date Sort by votes
1. Malwarebyte's anti-malware on server & workstations.

2. If that doesn't work, then use Combofix. Be careful running combofix on the server.

Maybe isolate all the machines (network cable disconnected) as you are doing the scans to prevent any re-infection.
 
Upvote 0 Downvote
To add to goombawaho's approach, I might would suggest this order of events:

1. Disconnect the server first, since all the client PCs connect more-so directly to it than each other... I'd imagine.
2. And of course disconnect any known infected PCs..
3. Use MBAM (mentioned by Goomb), SuperAntiSpyware first - both are very safe to use, maybe run a good cleaner like CCleaner as well... use Combofix with caution as suggested... and only use it if the others don't cure the problem.... continue down the path of fixing the server.
4. Once you get the server zapped, work on the PCs, restoring their connection to the server as they are fixed.. that way, you can get clean client workstations connected back in a quicker manner, so at least some can be about their business.

Of course, I'm assuming this is possible, b/c I don't know what your environment is. I'd imagine the possibility of someone using a virus or combination of viruses to strip sensitive information from the computers reason enough to proceed in this manner. [wink]

You can find MBAM and SAS at in case you've not used them before.
 
Upvote 0 Downvote
^^^^ That would have been my FULL answer had I decided to invest that much IN the answer. Good job kjv1611 -

You complete me..........
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
213
Oorde
Oorde
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
179
2ffat
2ffat
Olumighty
  • Locked
  • Question
BIOS PASSWORD WIPE OR CLEAR ON COMPUTER LAPTOP 1
Replies
1
Views
127
SamBones
SamBones
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
130
goombawaho
goombawaho
andyv2011
  • Locked
  • Question
Looking at Virus Actions
Replies
0
Views
84
andyv2011
andyv2011

Part and Inventory Search

Sponsor

Back
Top