Net-Worm.Win32.Kido.t

My system is Windows 2003 Server.
When i shutdown the computer or restart it, this virus go to almost all computers in the network.
i´m using kaspersky in my machine, and everytime the computer starts, appears a different kind of virus.
Now the name is Net-Worm.Win32.Kido.t - detected by Kaspersky
i suspect the svchost is infected, but i don´t know how to desinfect it..
here´s my log.
i´m brazilian and it´s my first post here.
hope someone help me.
sry my bad english.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:51, on 29/12/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
S:\dell\dataeng\bin\dcevt32.exe
S:\dell\dataeng\bin\dcstor32.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FIBS 2.0.2\fibs202.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
S:\dell\sm\mr2kserv.exe
S:\dell\oma\bin\omsad32.exe
c:\Windows\srvany.exe
C:\Program Files\Bayer CropScience\SetupPegasus\PgsConfig.exe
C:\Program Files\Siagri\Agribusiness\Proteq\pserv32.exe
S:\dell\iws\bin\win32\omaws32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
S:\Clanwin\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
S:\Clanwin\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
S:\Clanwin\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Apoio Distribuidora\Alpha\Alpha.exe
S:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
S:\Clanwin\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
S:\Clanwin\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
S:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
S:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Siagri\Agribusiness\Bin\sagrfina.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
S:\Clanwin\ClamWin\bin\clamscan.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - S:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ClamWin] "S:\Clanwin\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1963785134-826866253-3417678975-1026\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'FINANCEIRO SFI')
O4 - HKUS\S-1-5-21-1963785134-826866253-3417678975-1040\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'administracao')
O4 - HKUS\S-1-5-21-1963785134-826866253-3417678975-1055\..\Run: [] (User 'Antonio')
O4 - HKUS\S-1-5-21-1963785134-826866253-3417678975-1062\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'André')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - S:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - S:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://www.abusar.org
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://www.adslayuda.com
O15 - ESC Trusted Zone: http://*.apoioagricola
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.brasilescola.com
O15 - ESC Trusted Zone: http://tools.bvrp.com
O15 - ESC Trusted Zone: http://tools.cisco.com
O15 - ESC Trusted Zone: http://www.cisco.com
O15 - ESC Trusted Zone: http://www.clamwin.com
O15 - ESC Trusted Zone: http://adclient-af.lp.uol.com.br
O15 - ESC Trusted Zone: http://ads.clubedohardware.com.br
O15 - ESC Trusted Zone: http://afiliados.adslresidencial.com.br
O15 - ESC Trusted Zone: http://baixaki.ig.com.br
O15 - ESC Trusted Zone: http://busca.uol.com.br
O15 - ESC Trusted Zone: http://diversao.uol.com.br
O15 - ESC Trusted Zone: http://dyn2.superdownloads.uol.com.br
O15 - ESC Trusted Zone: http://eleicoes.uol.com.br
O15 - ESC Trusted Zone: http://esporte.uol.com.br
O15 - ESC Trusted Zone: http://esportes.terra.com.br
O15 - ESC Trusted Zone: http://forum.clubedohardware.com.br
O15 - ESC Trusted Zone: http://forum.wmonline.com.br
O15 - ESC Trusted Zone: http://home.item.com.br
O15 - ESC Trusted Zone: http://imasters.uol.com.br
O15 - ESC Trusted Zone: http://my.uolk.uol.com.br
O15 - ESC Trusted Zone: http://noticias.uol.com.br
O15 - ESC Trusted Zone: http://paginas.terra.com.br
O15 - ESC Trusted Zone: http://ppi.terra.com.br
O15 - ESC Trusted Zone: http://sea.search.msn.com.br
O15 - ESC Trusted Zone: http://siagri.com.br
O15 - ESC Trusted Zone: http://sisnema.com.br
O15 - ESC Trusted Zone: http://superdownloads.uol.com.br
O15 - ESC Trusted Zone: http://vitrine.buscape.com.br
O15 - ESC Trusted Zone: http://www.activedelphi.com.br
O15 - ESC Trusted Zone: http://www.agatetepe.com.br
O15 - ESC Trusted Zone: http://www.baboo.com.br
O15 - ESC Trusted Zone: http://www.babooforum.com.br
O15 - ESC Trusted Zone: http://www.boadica.com.br
O15 - ESC Trusted Zone: http://www.buscape.com.br
O15 - ESC Trusted Zone: http://www.cceinformatica.com.br
O15 - ESC Trusted Zone: http://www.clubedohardware.com.br
O15 - ESC Trusted Zone: http://www.correios.com.br
O15 - ESC Trusted Zone: http://www.digirati.com.br
O15 - ESC Trusted Zone: http://www.enem.com.br
O15 - ESC Trusted Zone: http://www.forumpcs.com.br
O15 - ESC Trusted Zone: http://www.forumweb.com.br
O15 - ESC Trusted Zone: http://www.google.com.br
O15 - ESC Trusted Zone: http://www.ig.com.br
O15 - ESC Trusted Zone: http://www.istf.com.br
O15 - ESC Trusted Zone: http://www.itau.com.br
O15 - ESC Trusted Zone: http://www.itauempresas.com.br
O15 - ESC Trusted Zone: http://www.juliobattisti.com.br
O15 - ESC Trusted Zone: http://www.modulo.com.br
O15 - ESC Trusted Zone: http://www.netdownloads.com.br
O15 - ESC Trusted Zone: http://www.pcforum.com.br
O15 - ESC Trusted Zone: http://www.pcsnews.com.br
O15 - ESC Trusted Zone: http://www.santander.com.br
O15 - ESC Trusted Zone: http://www.siagri.com.br
O15 - ESC Trusted Zone: http://www.terra.com.br
O15 - ESC Trusted Zone: http://www.uol.com.br
O15 - ESC Trusted Zone: http://www.winconnection.com.br
O15 - ESC Trusted Zone: http://www.dtk.com.tw
O15 - ESC Trusted Zone: http://www.personalfirewall.comodo.com
O15 - ESC Trusted Zone: http://pt.delphi.com
O15 - ESC Trusted Zone: http://www.gfi.com
O15 - ESC Trusted Zone: http://www.gfisoftware.com
O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com
O15 - ESC Trusted Zone: http://www.sefaz.rs.gov.br
O15 - ESC Trusted Zone: http://www.grisoft.com
O15 - ESC Trusted Zone: http://www.guiadohardware.net
O15 - ESC Trusted Zone: http://h10025.www1.hp.com
O15 - ESC Trusted Zone: http://h20180.www2.hp.com
O15 - ESC Trusted Zone: http://h20285.www2.hp.com
O15 - ESC Trusted Zone: http://h30091.www3.hp.com
O15 - ESC Trusted Zone: http://search.hp.com
O15 - ESC Trusted Zone: http://welcome.hp.com
O15 - ESC Trusted Zone: http://adserver.ig.com.br
O15 - ESC Trusted Zone: http://www.java.com
O15 - ESC Trusted Zone: http://www.knowledgestorm.com
O15 - ESC Trusted Zone: http://help.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://shared.live.com
O15 - ESC Trusted Zone: http://www.mail-archive.com
O15 - ESC Trusted Zone: http://www.mobilefun.co.uk
O15 - ESC Trusted Zone: http://www.motorola.com
O15 - ESC Trusted Zone: http://br.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.nsauditor.com
O15 - ESC Trusted Zone: http://www.openwindow.com
O15 - ESC Trusted Zone: http://*.portableapps.com
O15 - ESC Trusted Zone: http://www.programurl.com
O15 - ESC Trusted Zone: http://www.rnp.br
O15 - ESC Trusted Zone: http://optusnet.dl.sourceforge.net
O15 - ESC Trusted Zone: http://prdownloads.sourceforge.net
O15 - ESC Trusted Zone: http://ufpr.dl.sourceforge.net
O15 - ESC Trusted Zone: http://*.sourceforge.net
O15 - ESC Trusted Zone: http://download2.speedbit.com
O15 - ESC Trusted Zone: http://sdlc-esd.sun.com
O15 - ESC Trusted Zone: http://barra.uol.com.br
O15 - ESC Trusted Zone: http://de.uol.com.br
O15 - ESC Trusted Zone: http://www.vitaltech-group.com
O15 - ESC Trusted Zone: http://www.warez-bb.org
O15 - ESC Trusted Zone: http://m.webtrends.com
O15 - ESC Trusted Zone: http://en.wikipedia.org
O15 - ESC Trusted Zone: http://pt.wikipedia.org
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://www.xteq.de
O15 - ESC Trusted Zone: http://www.yougetsignal.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://201.18.39.42
O15 - ESC Trusted IP range: http://207.46.19.30
O15 - ESC Trusted IP range: http://192.168.0.1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211198522540
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211891972421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Systems Management Event Manager (dcevt32) - Dell Inc. - S:\dell\dataeng\bin\dcevt32.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Dell Inc. - S:\dell\dataeng\bin\dcstor32.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FIBSBackupService - Talat Dogan - C:\Program Files\FIBS 2.0.2\fibs202.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mr2kserv - LSI Logic Corporation - S:\dell\sm\mr2kserv.exe
O23 - Service: OM Common Services (omsad) - Dell Inc. - S:\dell\oma\bin\omsad32.exe
O23 - Service: Pegasus - Unknown owner - c:\Windows\srvany.exe
O23 - Service: Pserv32 - SafeNet, Inc - C:\Program Files\Siagri\Agribusiness\Proteq\pserv32.exe
O23 - Service: Secure Port Server (Server Administrator) - Unknown owner - S:\dell\iws\bin\win32\omaws32.exe

--
End of file - 15265 bytes

can someone help me?
thx.
i read about this virus
and i downloaded a fix from microsoft
instaled but now, the virus is back..
=/

Please
someone help me..
i don´t know more what to do..
thx for your attention

106 views and nobody knows?
please people..
:/

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click no to the Optional_Scan
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system.
Please Hold on it may take us a day or so to get back with you.

R,
K

Due to the lack of feedback, this Topic is now closed.

If you still have problems, please Start a new topic.

Or contact any Moderator to reopen it if still applicable.

R,
K