How to remove Kido
Friday, January 30th, 2009 at 4:28 amHome » Worm » Kido
Kido description
Kido worm is another name for Conficker/Downadup infection. Kido a.k.a. Net-Worm.Win32.kido infection distributes itself via MS08-067 Windows vulnerability. The worst thing about Kido infection is its ability to join the infected machine to zombie network. The compromised computer may then be used by hackers for various malicious activities.
Download and install the latest Windows updates to avoid Worm.Win32.Kido.
If a computer is infected with Kido worm, security tools won’t be able to download updates. The infection also prevents downloading new security programs and visiting websites related to computer safety. Kido/Downadup/Conficker is also known for making a machine run really slow.
Get rid of Kido
How to manually remove Kido
To remove Kido spyware you must block Kido sites, stop and remove processes, unregister DLL files, search and delete all other Kido files and registry utility. Follow the Kido detection and removal instructions below.
The most typical software removal method is to remove Kido by using "Add or Remove Programs" service. However there may be hidden Kido files, running processes and registries in your computer, so Kido may recreate all other files after reboot.
Kido manual removal instructions
Block Kido sites:
hgetmyip.org
getmyip.co.uk
checkip.dyndns.org
whatsmyipaddress.com
ahayw.info
ajcminmqpeu.com
anosb.biz
aqgcurmt.net
bdfbobhuls.com
bjmqxoxbmyq.org
bszeu.info
cfcpreiwtgx.net
cpfgbuwqv.biz
cukpubgb.net
dconkp.com
dpxzsrjhsn.org
dtyqryfi.biz
dviwvh.net
dwmpveim.info
dxnlypjjxp.biz
eaguzulxdr.org
ekrohmqa.info
eoblibwqaig.info
epvzvuah.info
ethogxkt.net
euwqeixq.biz
exxcpxm.net
eyjayqmwxxo.org
ezhvnjlvuk.org
fdzwsak.net
gatkcy.org
gceqy.info
ggcnqnr.info
gkmdbporqmp.biz
gmtgpb.org
guiahproe.info
gxepchol.net
gztql.net
haqrcz.com
hkqrhqev.com
hndrijmu.org
hvxmlcc.org
idahdfyojhz.com
ipbdwihw.info
iquvtfhm.net
irhtphctgn.com
ivouyvxaf.net
jfvyipo.info
jhhwydtk.com
jjbuafs.info
jptplynb.org
jutsyu.com
kagvjo.com
kfzksydrct.org
khvdkdjnrhr.biz
ktivtbse.net
lbori.com
ltxbrwfosrg.net
mhjhb.com
mtqcpiwod.biz
nsjmewgdb.com
ntshnjyxfh.net
nxphotp.com
ocykqj.biz
oenjrcaly.net
oororgpkbp.com
ozlqvnkiq.net
palrw.org
pmotqmf.com
pvuxb.info
qffszcfgyzn.org
qfoilcqp.com
qjafgfp.net
rfduzjbztg.biz
riuvunis.info
rlbidexd.org
rntbogfz.biz
rtkrhxsp.biz
ruolomicarp.org
rxytvgkapvw.biz
safxg.net
sdxkcnzcvhd.org
shbyxebiec.biz
srsoeggve.org
tbkmloh.net
tezjm.net
tilazlfn.com
tqlxquy.org
trxho.org
uiiwmmgr.com
upyuqxpmlxt.net
vdunf.net
vtewiyny.info
vuahzmvf.biz
vweoof.org
wkjhjr.com
xehlydgan.net
xmmzcsqm.biz
xtjejduc.org
xxwoteojg.biz
xytbvkrqhu.info
ybhufq.net
yenhbrt.biz
yfczve.info
ylfamhcgn.net
ylzbgyorfy.org
ysxbkquj.info
ythekdrar.net
yudxsol.org
yzbvrteij.biz
yzpjvpkdtq.biz
zjxuw.org
zpqhr.biz
zuuroktw.biz
zzkjecmf.com
Read more how to block Kido sites
Locate and delete Kido registry entries:
KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\”ServiceDll” = “Path to worm”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\”ImagePath” = %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
“TcpNumConnections” = dword:0×00FFFFFE
Read more how to delete Kido registry entries
Download RegistryBooster 2010 to scan errors caused by Kido
Detect and delete other Kido files:
%System%\[Random].dll
%Program Files%\Internet Explorer\[Random].dll
%Program Files%\Movie Maker\[Random].dll
%All Users Application Data%\[Random].dll
%Temp%\[Random].dll
%System%\[Random].tmp
%Temp%\[Random].tmp
We strongly recommend you to use spyware remover to track Kido and automaticaly remove Kido processes, registries and files as well as other spyware threats.
Kido
Leave a Reply
Subscribe
Search
Categories
- Adware
- Backdoor
- Browser Helper Object
- Browser Hijacker
- Fake warning messages
- Keylogger
- Malicious domains
- Remote Administration Tool (RAT)
- Rogue Antispyware
- Tracking Cookie
- Trojan
- Worm
Latest spyware threats
- Decrypt Protect Virus
- Win 8 Protection 2013
- Vista Protection 2013
- Safe PC Cleaner
- SpeedMaxPc
- Securebit
- Error Repair
- System Care Antivirus
- PC Fix Speed
- Win 7 Security Cleaner Pro
- Vista Security Cleaner Pro
- Antivirus Security 2013
- AVASoft Professional Antivirus
- XP Security Cleaner Pro
- Homeland Security Virus
Recently commented
- Google Redirect Virus
- Fake Microsoft Security Essentials Alert
- Win 7 Security Cleaner Pro
- Win 7 Anti-Virus 2011
- Smart PC Cleaner
- XP Antivirus 2012
- Windows Microsoft Guardian
- RegFix Pro
- XP Antispyware 2013
- Myfreeze.com
- Privacy Components
Malicious domains
- 7search.com
- iCityFind
- Antivirsword.com
- Webantispy.com
- Antivirmore.com
- Antivirglass.com
- Oksave9.co.cc
- Smartsecadv.com
- AV-look.com
- Profantivir.com
Fake warning messages
- Firefox need to update immediately
- Kaspersky Internet Security 2011 Enhanced Protection Mode
- Comodo Enhanced Protection Mode
- Microsoft Security Essentials Enhanced Protection Mode
- McAfee Enhanced Protection Mode
- Norton Antivirus Enhanced Protection Mode
- ESET Smart Security Enhanced Protection Mode
- Microsoft Defender Enhanced Protection Mode
- Avast Enhanced Protection Mode
- Fake “Windows – No Disk” alert
Tutorials
- Contact Us
- How to block malicious websites using HOSTS file?
- How to delete registry entries?
- How to download and install Spyware Doctor
- How to kill malicious processes?
- How to recognize a rogue security program?
- How to recognize a rogue website?
- How to unregister DLL files?
- Signs of browser hijacker infection
Archive
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
Tags
Security News- Beware of Decrypt Protect Virus ransomware
- What is Win 8 Protection 2013 and why it is dangerous
- Delete Vista Protection 2013 rogue tool
- Do not trust Safe PC Cleaner optimizer
- Remove SpeedMaxPc fake system optimizer
- What is Securebit and why you need to remove it
- Do not trust Error Repair rogue system tool
August 17th, 2011 at 1:04 pm
Don’t bother trying to remove this until you’ve applied Microsoft’s update KB958644 to your system, or it will be immediately infected again by other computers on the network. Windows update won’t do this if you’re infected because the worm blocks windows update. You must manually download http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3205 or just search for KB958644. That fixes the vulnerability that allows the worm to spread.
Reply