9 Apr

Iddono removal – step by step

Short definition

Iddono removal is important because Iddono is a backdoor Trojan rated as the highest danger to your PC: it gives the rogue author of the software remote access to and control over the infected system. This kind of security threat installs and runs silently. After installation, the Trojan might be remotely instructed to perform any operation on your file system, to send confidential information from your computer back to the caller, and to carry out any kind of harmful activity on your system. A backdoor virus is sometimes referred to as a Remote Access Tool; in this case, however, it is used for malicious hijacking and has nothing to do with the normal purpose of this advanced technology.

This Trojan might also be used for DDoS attacks and to install other Trojans and keyloggers. The worst thing is that it not only compromises your security by itself but also opens ports on your system and invites many other Trojans and viruses in.

The other known names of this malware

Backdoor.Win32.Iddono.14
Backdoor:Win32/Iddono.1_4
Win32/Iddono.14
Win32:Trojan-gen.
BackDoor.Iddono.14
Backdoor.Iddono.14
Backdoor.Iddono.1.4
Troj/Iddono-14
BackDoor-AWG
Backdoor.IDDO.Cli
BackDoor.Iddono.A
Backdoor Program.LC

If your antivirus finds and removes a threat under one of these names, this will somewhat reduce the risk of your system being hijacked; however, there is no guarantee that a new modification of this Trojan will be detected if the antivirus is not updated frequently.

Different antivirus products might use different aliases for Iddono:

[Kaspersky] Backdoor.Iddono.20
[Panda] Backdoor Program, Backdoor Program.LC
[McAfee] BackDoor-AWG
[Computer Associates] Win32.Iddono.20.C, Backdoor/Iddono.20.A

The symptoms of possible presence

There are some signs that might help you identify a possible infection by this backdoor Trojan. The system will slow down because the Trojan might run some high-load malicious activities. Many pop-up ads and new shortcuts may appear on your desktop, or your home page may suddenly change. Your e-mail might be flooded with spam, or messages with attached viruses might even be sent in your name.

The possible way of the infection

The simplest and most usual way to get this Trojan is to keep the security settings for Internet browsing at a low level. Freeware that you download and install might come bundled with the Trojan. Visiting websites with a bad reputation is another way to find your system hijacked, unless the antivirus performs the Iddono removal.

How to remove Iddono from your system

Basically, you need to remove all the related files and folders from your system, but there might be plenty of them on your PC. A special removal utility is much more proficient at this job than a human, who might easily miss some of the Trojan files; those files will later call the remote controller over the Internet for repair and update. A human virus hunter must be very attentive while doing this job, and an automatic removal utility is definitely better. You can find one of these utilities by clicking the link below, and it is free.

Download Removal Tool

Instructions for manual removal:

1) Open Task Manager and kill the following processes:

backdoor.iddono.14.exe
backdoor.iddono.14_(272).exe
backdoor.iddono.14_(310).exe
backdoor.iddono.20.exe
srvidd20.exe
editor.exe
[system root]\newfolder.exe

2) Find and unregister these DLLs using the CMD utility:

-1915207133.dll
shelliddono.dll
libedit.dll

3) Remove the following files:

-1915207133.dll
libedit.dll
shelliddono.dll
backdoor.iddono.14.exe
backdoor.iddono.14_(272).exe
backdoor.iddono.14_(310).exe
backdoor.iddono.20.exe
srv0104.ids
srvidd20.exe
newfolder.exe
[system root]\newfolder.exe
editor.exe

The list of folders with the usual Iddono Trojan locations:

[%APPDATA%] – C:\Documents and Settings\UserName\Application Data\
[%COMMON_APPDATA%] – C:\Documents and Settings\All Users\Application Data\
[%COMMON_DESKTOPDIRECTORY%] – C:\Documents and Settings\All Users\Desktop\
[%COMMON_DOCUMENTS%] – C:\Documents and Settings\All Users\Documents\
[%COMMON_FAVORITES%] – C:\Documents and Settings\All Users\Favorites\
[%COMMON_PROGRAMS%] – C:\Documents and Settings\All Users\Start Menu\Programs\
[%COMMON_STARTMENU%] – C:\Documents and Settings\All Users\Start Menu\
[%COMMON_STARTUP%] – C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
[%COOKIES%] – C:\Documents and Settings\UserName\Cookies\
[%DESKTOPDIRECTORY%] – C:\Documents and Settings\UserName\Desktop\
[%FAVORITES%] – C:\Documents and Settings\UserName\Favorites\
[%FONTS%] – C:\WINDOWS\Fonts\
[%INTERNET_CACHE%] – C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files\
[%LOCAL_APPDATA%] – C:\Documents and Settings\UserName\Local Settings\Application Data\
[%MYMUSIC%] – C:\Documents and Settings\UserName\My Documents\My Music\
[%MYPICTURES%] – C:\Documents and Settings\UserName\My Documents\My Pictures\
[%MYVIDEO%] – C:\Documents and Settings\UserName\My Documents\My Videos\
[%NETHOOD%] – C:\Documents and Settings\UserName\NetHood\
[%PERSONAL%] – C:\Documents and Settings\UserName\My Documents\
[%PRINTHOOD%] – C:\Documents and Settings\UserName\PrintHood\
[%PROFILE%] – C:\Documents and Settings\UserName\
[%PROFILE_TEMP%] – C:\Documents and Settings\UserName\Local Settings\Temp
[%PROFILEPATH%] – C:\Documents and Settings\UserName\
[%PROGRAM_FILES%] – C:\Program Files\
[%PROGRAM_FILES_COMMON%] – C:\Program Files\Common Files\
[%PROGRAMFILES%] – C:\Program Files\
[%PROGRAMS%] – C:\Documents and Settings\UserName\Start Menu\Programs\
[%RECENT%] – C:\Documents and Settings\UserName\Recent\
[%RESOURCES%] – C:\WINDOWS\resources\
[%SENDTO%] – C:\Documents and Settings\UserName\SendTo\
[%STARTMENU%] – C:\Documents and Settings\UserName\Start Menu\
[%STARTUP%] – C:\Documents and Settings\UserName\Start Menu\Programs\Startup\
[%SYSTEM%] – C:\WINDOWS\system32\
[%USER_RECYCLING_BIN%] – c:\Recycler\S-*
[%WINDOWS%] – C:\WINDOWS\

Check all of these folders, or use the Windows Search utility, to remove all copies of the Trojan-related files on your system. If a file you want to remove is locked, then either you did not kill the process or it was started again through the Internet or by some other Trojan file. In that case, disconnect your computer from the Internet, then find and kill the process related to the locked file again.
With good luck and careful attention to the instructions during the removal process, you will get rid of this Trojan.
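The folder-by-folder search described above can be made repeatable with a read-only scan. The following is an added example, not part of the original article: it looks for the file names listed on this page under any directories you pass it (a live system or a mounted disk image), reports each match with its SHA-256 hash, and deletes nothing. The split into specific and generic names is this example's own assumption.

```python
import hashlib
import os

# File names copied from the removal list on this page. Matching is
# case-insensitive because Windows file names are.
SPECIFIC = {
    "-1915207133.dll", "shelliddono.dll", "backdoor.iddono.14.exe",
    "backdoor.iddono.14_(272).exe", "backdoor.iddono.14_(310).exe",
    "backdoor.iddono.20.exe", "srv0104.ids", "srvidd20.exe",
}
# Assumption of this example: these listed names are generic enough that
# unrelated software may use them, so a hit needs manual review.
GENERIC = {"libedit.dll", "newfolder.exe", "editor.exe"}


def sha256_of(path):
    """Hash a file in chunks; return None if it is locked or unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def scan(roots):
    """Walk each root; return (confidence, path, sha256) tuples sorted by path."""
    hits = []
    for root in roots:
        # os.walk silently skips directories it cannot read.
        for folder, _dirs, files in os.walk(root):
            for name in files:
                lowered = name.lower()
                if lowered in SPECIFIC:
                    confidence = "listed-name"
                elif lowered in GENERIC:
                    confidence = "generic-name-review"
                else:
                    continue
                path = os.path.join(folder, name)
                hits.append((confidence, path, sha256_of(path)))
    return sorted(hits, key=lambda hit: hit[:2])


if __name__ == "__main__":
    import sys
    for confidence, path, digest in scan(sys.argv[1:]):
        print(confidence, digest or "unreadable", path, sep="\t")
```

A match reported as unreadable is most likely a file locked by a process that is still running.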

If you miss something, or just do not want to go through the Iddono removal manually with everything it involves, then try the following link. A good thing about automated removal utilities is that they usually search the system for other related threats as well.

Download Removal Tool
