Friday, June 12, 2009

Kido Removal Guide


Step 1 : Use Registry Editor to Remove Kido Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete a "Kido" value, right-click on it and select the "Delete" option.
Locate and delete "Kido" registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, netsvcs = %Previous data% and %Random%
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\"ServiceDll" = "[PATH OF WORM]"

Step 2 : Use Windows Command Prompt to Unregister Kido DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" to change the current directory, press the "space" button, enter the full path to where you believe the Kido DLL file is located and press the "Enter" button on your keyboard. If you don't know where the Kido DLL file is located, use the "dir" command to display the directory's contents.
To unregister a "Kido" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, C:\Spyware-folder\> regsvr32 /u Kido.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Kido" DLL files:
%All Users Application Data%\[RANDOM FILE NAME].dll
%Program Files%\Movie Maker\[RANDOM FILE NAME].dll
%Program Files%\Internet Explorer\[RANDOM FILE NAME].dll
%Temp%\[RANDOM FILE NAME].dll
%System%\[RANDOM FILE NAME].dll

Step 3 : Detect and Delete Other Kido Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, including hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have found the file you're looking for, type in "del name_of_the_file".
To delete a file in a folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Kido" process and click on the "End Process" button to kill it.
Remove the "Kido" process files:
%Temp%\[Random].tmp
%System%\[Random].tmp
%All Users Application Data%\[RANDOM FILE NAME].dll
%Program Files%\Movie Maker\[RANDOM FILE NAME].dll
%Program Files%\Internet Explorer\[RANDOM FILE NAME].dll
%Temp%\[RANDOM FILE NAME].dll
%System%\[RANDOM FILE NAME].dll
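
A read-only way to locate the Step 1 registry entries before deleting anything by hand, as an added example that is not part of the original guide. It lists every service hosted by "svchost.exe -k netsvcs" with its ServiceDll and flags DLLs sitting in the Step 2 folders other than %System%; the flagging rule, the extra %SystemRoot%\Temp folder and the variable names are assumptions of this example.

```powershell
# Added example: read-only audit of the registry locations from Step 1.
# Nothing is modified or deleted; review the output before removing anything.
$svcRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$svcHostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$showAllKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL'

# Service names registered in the netsvcs group (REG_MULTI_SZ -> string array).
$netsvcs = @((Get-ItemProperty -Path $svcHostKey).netsvcs)

# Step 2 folders other than %System%, where a service DLL is unusual (heuristic).
$dropDirs = @(
    (Join-Path $env:ProgramFiles 'Movie Maker'),
    (Join-Path $env:ProgramFiles 'Internet Explorer'),
    [Environment]::GetFolderPath('CommonApplicationData'),
    $env:TEMP,
    (Join-Path $env:SystemRoot 'Temp')   # assumption: temp folder used by SYSTEM
)

$report = foreach ($svc in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
    # Keep only services hosted the way Step 1 describes: svchost.exe -k netsvcs.
    $imagePath = [string]$svc.GetValue('ImagePath')
    if ($imagePath -notmatch 'svchost\.exe\s+-k\s+netsvcs') { continue }

    $dll = ''; $access = 'ok'
    try {
        $params = $svc.OpenSubKey('Parameters')
        if ($params) { $dll = [string]$params.GetValue('ServiceDll') }
    } catch { $access = 'denied' }   # an unreadable Parameters key deserves a look

    $dir = if ($dll) { Split-Path -Path $dll -Parent } else { '' }
    [pscustomobject]@{
        Service       = $svc.PSChildName
        ServiceDll    = $dll
        KeyAccess     = $access
        InNetsvcsList = $netsvcs -contains $svc.PSChildName
        DllOnDisk     = [bool]($dll -and (Test-Path -LiteralPath $dll))
        OddLocation   = $dropDirs -contains $dir
    }
}
$report | Sort-Object @{Expression = 'OddLocation'; Descending = $true}, Service |
    Format-Table -AutoSize

# Step 1 lists CheckedValue = 0 as a Kido change; the Windows default is 1.
$checked = (Get-ItemProperty -Path $showAllKey -ErrorAction SilentlyContinue).CheckedValue
"SHOWALL CheckedValue = $checked"
```

Run it from an elevated PowerShell prompt. A service DLL inside %System% is normal for Windows services, so those rows still need comparing against a known-clean machine.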

To get a removal tool for a single PC and network, you can click here.
