Kido Worm

What is Kido worm?
Kido worm is a polymorphic worm that has been spreading across the Internet since the end of 2008. It exploits a critical vulnerability in Microsoft Windows to propagate via local networks and removable disks. PCs with unpatched systems or weak network security are more likely to be infected. Once installed on a machine, the worm inhibits system restoration, prevents access to security websites, and even brings malware onto the infected machine without the user's consent.

A report compiled by leading antivirus software vendors lists the top 100 malware of 2009, and 26 variants of Kido worm are included. Kido worm therefore accounts for a substantial proportion of the most malicious programs.

PC users are strongly recommended to remove the Kido worm once found and keep the antivirus program up-to-date.

Do you have Kido worm?
If you have enough time and expertise, you can search your computer for Kido worm manually. However, it might take hours to find all of the worm's files, and Kido worm may reappear after rebooting because its hidden files may still be there.

Download automatic scanner for Kido worm
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Kido worm removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Kido worm can be difficult and time-consuming. There is no guarantee that Kido worm can be completely removed, because hundreds of files are generated when Kido worm is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Kido worm manually:

Navigate and stop the Kido worm processes:
N/A

Navigate and delete Kido worm files:
%Temp%\[Random].dll
%System%\[Random].tmp
%Temp%\[Random].tmp
%Program Files%\Internet Explorer\[Random].dll
%Program Files%\Movie Maker\[Random].dll
%All Users Application Data%\[Random].dll

Navigate and remove Kido worm registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\"ServiceDll" = "Path to worm"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\"ImagePath" = %SystemRoot%\system32
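
A read-only check for the registry pattern above, as an added example that is not part of the original page: it lists every service whose Parameters\ServiceDll value points into one of the DLL locations named in the file list. Assumptions: %Temp% is resolved for the account running the script, and %All Users Application Data% is taken to be the system's common application data folder.

```powershell
# Added example: read-only audit, nothing is changed or deleted.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# DLL drop directories from the file list above, resolved on this machine.
# Assumption: %Temp% means the temp folder of the account running the script.
$watchDirs = @(
    [IO.Path]::GetTempPath(),
    (Join-Path $env:ProgramFiles 'Internet Explorer'),
    (Join-Path $env:ProgramFiles 'Movie Maker'),
    [Environment]::GetFolderPath('CommonApplicationData')
) | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-WatchedPath {
    param([string]$Path, [string[]]$Dirs)
    foreach ($dir in $Dirs) {
        if ($Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = foreach ($svc in Get-ChildItem -LiteralPath $servicesKey -ErrorAction SilentlyContinue) {
    # ServiceDll lives in the service's Parameters subkey; most services have none.
    $paramPath = "$($svc.PSPath)\Parameters"
    $param = Get-ItemProperty -LiteralPath $paramPath -Name ServiceDll -ErrorAction SilentlyContinue
    if (-not $param) { continue }

    # The value is usually REG_EXPAND_SZ; expand any variables left in it.
    $dll = [Environment]::ExpandEnvironmentVariables([string]$param.ServiceDll)
    if (-not (Test-WatchedPath -Path $dll -Dirs $watchDirs)) { continue }

    # Report ImagePath alongside so both values from the list above can be reviewed.
    $svcProps = Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service    = $svc.PSChildName
        ServiceDll = $dll
        ImagePath  = $svcProps.ImagePath
        DllOnDisk  = Test-Path -LiteralPath $dll
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No service has a ServiceDll under the watched directories.'
}
```

A hit is a lead for manual review, not proof of infection, because the directory list only reflects the locations named on this page.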

What are the symptoms of Kido worm?

  • Kido worm may connect itself to the internet
  • Kido worm may hide from the user
  • Kido worm may stay resident in background

How do I keep away from Kido worm?
Once you have cleaned up Kido worm, the most important way to prevent it and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Kido worm and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf only sites, and download programs only from websites, that you trust

What is Worm?
Kido worm is a type of worm.

In computing, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus cannot run by itself. A virus usually needs a host program to run, and the virus code runs as part of the host program. A worm, however, does not need a host program to run; it uses a network to spread itself to other computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used a vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used a vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004 all spread through e-mail. These worms shared some features of a Trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.
