Kido Virus on Windows 2003 betwork

[cooky44]

Hi

I am running Kaspersky for Workstations 6.04 and for servers.All updated but the Kido virus has turned up, I have blocked ports 445 and 139, turned Antivirus off, run kidokiller with switches, rescanned and it is still there. All PC's have been updated with the relevant patches for win 2000, xp and all that Microsoft have said and they are still infected - unsure of what to do next.

Thanks in advance

sharon

 

[goombawaho]

1. Malwarebyte's anti-malware on server & workstations.

2. If that doesn't work, then use Combofix. Be careful running combofix on the server.

Maybe isolate all the machines (network cable disconnected) as you are doing the scans to prevent any re-infection.

 

[kjv1611]

To add to goombawaho's approach, I might would suggest this order of events:

1. Disconnect the server first, since all the client PCs connect more-so directly to it than each other... I'd imagine.
2. And of course disconnect any known infected PCs..
3. Use MBAM (mentioned by Goomb), SuperAntiSpyware first - both are very safe to use, maybe run a good cleaner like CCleaner as well... use Combofix with caution as suggested... and only use it if the others don't cure the problem.... continue down the path of fixing the server.
4. Once you get the server zapped, work on the PCs, restoring their connection to the server as they are fixed.. that way, you can get clean client workstations connected back in a quicker manner, so at least some can be about their business.

Of course, I'm assuming this is possible, b/c I don't know what your environment is. I'd imagine the possibility of someone using a virus or combination of viruses to strip sensitive information from the computers reason enough to proceed in this manner.

You can find MBAM and SAS at

http://www.download.com

in case you've not used them before.

 

[goombawaho]

^^^^ That would have been my FULL answer had I decided to invest that much IN the answer. Good job kjv1611 -

You complete me..........