Kido attack

mad1231moody · 12-04-2009, 05:52 PM

Hi freinds. My PC was affected by the Kido worm. A trial version of Kaspersky weeded out the worm and I also ran Norton Dawnadup Remover tool. But still every 2 hrs or so My kaspersky detects keylogger activity and when I click on view report I get this message.

Quote:

4/12/2009 5:45:27 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Detected: Keylogger
4/12/2009 5:46:27 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Detected: Keylogger
4/12/2009 5:46:27 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Detected: Keylogger
4/10/2009 9:31:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:32:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:33:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:34:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:35:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:36:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:37:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated:

Kaspersky is unable to weed it out and even I am not deleting the KBDcap file as it is a sys file. Please hlep out

mad1231moody · 13-04-2009, 06:29 PM

Hello there, please helpme out this time please

yippee · 13-04-2009, 06:40 PM

Quote:

The Win32.Worm.Downadup, aka "Conficker" or "Kido," first hit the world last year by exploiting the MS08-067 vulnerability that let it spread in loosely secured networks.

http://www.technewsworld.com/rsstory/65869.html
http://www.viruslist.com/en/alerts?alertid=203996089
see if antivir and comodo can detect it, they both are free
and keep your system updated

PhB · 13-04-2009, 10:55 PM

See if this helps,

> Goto safe mode or boot from linux
> Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\
> Delete KBDCAP.SYS
> Goto C:\
> Delete autorun.inf (If it's present)

abhijangda · 13-04-2009, 11:44 PM

just download quickheal update it and run a scan after changing it's settings little bit
i was also able to repair my friends pc by quickheal which was also attacked by Kido

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine