not disinfecting Net-Worm.Win32.Kido.ih

Discussion in 'ESET NOD32 Antivirus' started by penjoseph, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    We have been using a 100-user license of NOD32 for a few years now.

    Had a peculiar problem recently in our office with computer systems failing to browse the file server & certain websites not accessible, i.e. Microsoft, ESET (NOD32), Kaspersky, & even wilderssecurity.

    Thinking this was an issue with the Windows XP OS, we formatted a few systems to no avail.

    System Services are automatically stopped - mainly workstation, dhcp client etc


    Since NOD32 did not detect any untoward activity while scanning, we tried with Kaspersky AV, which detected the "Net-Worm.Win32.Kido.ih" worm

    http://img.photobucket.com/albums/v663/eapen/tech/net-wormkidoih.jpg

    Kaspersky shows this resident virus
    Net-Worm.Win32.Kido.ih c:\windows\system32\istxyiks.dll


    NOD32 team, please update a patch for this issue. Currently, we are temporarily using a stand-alone version of Kaspersky to remove the infections from clients & file server

    Regards
    Joseph
     
    Last edited: Jan 27, 2009
  2. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    This infection, I believe, is a malware called Kido which blocks AV websites.
     
  3. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
  4. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    NOD32 guys, you really need to pull up your socks & start working! The tool does not even detect the infection! Boo! :mad:
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
  6. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
  7. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Conficker is made in a way to be hard to remove when Windows is running. It is "conflicting" the known AV programs. I am curious if somebody tried to boot some Linux Live CD, mount Windows partition via ntfs-3g and delete the file. I think Conficker is not able to prevent being deleted when another OS is running.
    ESET Online Scanner Beta for Windows (the newer one, not the ActiveX one) is running in Linux when WINE is installed.

    command:
    wine esetsmartinstaller_enu.exe
    or
    wine esetsmartinstaller_sky.exe

    http://beta.eset.com/eos
    http://www.eset.sk/virus-info/eset-online-scanner

    Anyway, I suggest you submit the dll to the virus lab and they will investigate the problem.
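The offline clean-up suggested in the post above, as an added example that is not part of the thread and not ESET tooling: it resolves a Windows path case-insensitively on a volume mounted from a live system, then moves the file into a quarantine directory under its SHA-256 instead of deleting it, so the sample can still be submitted to the virus lab. The mount point, the quarantine directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumes the Windows partition is already mounted from the
# live system (for instance with ntfs-3g) at a directory passed as $1.

# Resolve a Windows-style path such as c:\windows\system32\x.dll under a mount
# point. Each component is matched case-insensitively, because the Linux view
# of the volume is case-sensitive while the path reported by the AV is not.
resolve_win_path() (
    set -f                      # no globbing while splitting the path
    root=${1%/}
    # Drop the drive letter and turn backslashes into slashes.
    rel=$(printf '%s' "$2" | sed -e 's/^[A-Za-z]://' | tr '\\' '/')
    cur=$root
    IFS=/
    for part in $rel; do
        [ -n "$part" ] || continue
        cur=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" -print | head -n 1)
        [ -n "$cur" ] || exit 1  # component not found on the volume
    done
    printf '%s\n' "$cur"
)

# Move a file into a quarantine directory, named after its SHA-256, and record
# hash and original location in a manifest. Prints the new location.
quarantine_file() (
    src=$1
    qdir=$2
    [ -f "$src" ] || exit 1
    mkdir -p "$qdir"
    sum=$(sha256sum "$src" | cut -d' ' -f1)
    dest=$qdir/$sum.quarantined
    mv "$src" "$dest"
    printf '%s  %s\n' "$sum" "$src" >> "$qdir/manifest.txt"
    printf '%s\n' "$dest"
)

# Usage: script MOUNTPOINT 'c:\windows\system32\name.dll' [QUARANTINE_DIR]
if [ "$#" -ge 2 ]; then
    target=$(resolve_win_path "$1" "$2") || { echo "not found: $2" >&2; exit 1; }
    quarantine_file "$target" "${3:-./quarantine}"
fi
```

Pointing the quarantine directory at storage outside the Windows volume keeps the sample away from the installation being cleaned.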
     
  8. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    Yes, I have sent the samples via the quarantine box - Today NOD32 managed to catch the infection but not permanently remove them.

    An interesting read from Microsoft on the conficker\kido worm:

    http://support.microsoft.com/kb/962007
     
  9. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
  10. bradtech

    bradtech Guest

    As much as I advocate NOD32, and use it on my clients and servers.. I do recommend a layered approach to spyware, and viruses.. I have Symantec/Kaspersky on my mail firewalls, and NOD32 on servers/Systems.. plus I scan my network shares with different av from time to time.
     
  11. atolica

    atolica Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    19