Status
Not open for further replies.

mad1231moody

Journeyman
Hi friends. My PC was affected by the Kido worm. A trial version of Kaspersky weeded out the worm and I also ran the Norton Downadup Remover tool. But still, every 2 hrs or so, my Kaspersky detects keylogger activity, and when I click on view report I get this message.

4/12/2009 5:45:27 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Detected: Keylogger
4/12/2009 5:46:27 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Detected: Keylogger
4/12/2009 5:46:27 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Detected: Keylogger
4/10/2009 9:31:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:32:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:33:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:34:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:35:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:36:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated: Keylogger
4/10/2009 9:37:06 PM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS Not terminated:
Kaspersky is unable to weed it out and even I am not deleting the KBDcap file as it is a sys file. Please help out :smile:
 

yippee

lost in my world
The Win32.Worm.Downadup, aka "Conficker" or "Kido," first hit the world last year by exploiting the MS08-067 vulnerability that let it spread in loosely secured networks.
*www.technewsworld.com/rsstory/65869.html
*www.viruslist.com/en/alerts?alertid=203996089
See if AntiVir and Comodo can detect it; they are both free.
And keep your system updated.
 

PhB

Jughead!!!
See if this helps,

> Go to safe mode or boot from Linux
> Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\
> Delete KBDCAP.SYS
> Go to C:\
> Delete autorun.inf (if it's present)
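
A read-only check that can be run before deleting the driver, added here as an example and not part of the original post. It assumes PowerShell 4 or later on the affected machine; only the file path comes from the Kaspersky report above, and it changes nothing on disk.

```powershell
# Added example: read-only triage of the driver named in the report above.
# Assumption: PowerShell 4+ is available; nothing here modifies the system.
$path = 'C:\WINDOWS\SYSTEM32\DRIVERS\KBDCAP.SYS'   # path from the Kaspersky report

if (-not (Test-Path -LiteralPath $path)) {
    Write-Output "Not found: $path"
    return
}

# -Force so hidden/system attributes do not hide the file
$file = Get-Item -LiteralPath $path -Force
$sig  = Get-AuthenticodeSignature -LiteralPath $path
$hash = Get-FileHash -LiteralPath $path -Algorithm SHA256

# Kernel drivers registered with the Service Control Manager that load this file.
# A registered driver is reloaded at boot unless its service entry is also handled.
$leaf    = Split-Path -Leaf $path
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*$leaf" }

$signer = $null
if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

[pscustomobject]@{
    Path            = $file.FullName
    SizeBytes       = $file.Length
    Attributes      = $file.Attributes
    Created         = $file.CreationTime
    Modified        = $file.LastWriteTime
    Company         = $file.VersionInfo.CompanyName
    Description     = $file.VersionInfo.FileDescription
    SignatureStatus = $sig.Status        # Valid, NotSigned, HashMismatch, ...
    Signer          = $signer
    SHA256          = $hash.Hash         # for lookup with the AV vendor
    DriverServices  = ($drivers | ForEach-Object {
                          "$($_.Name) [$($_.State), start=$($_.StartMode)]"
                      }) -join '; '
} | Format-List
```

The vendor and signer fields show whether the file belongs to an installed product, and the service list shows what would try to load it again after a reboot.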
 

abhijangda

Padawan
Just download Quick Heal, update it, and run a scan after changing its settings a little bit.
I was also able to repair my friend's PC, which was also attacked by Kido, with Quick Heal.
 