Activation error. Cannot set up server connection
Applies to:
 
  • Kaspersky Internet Security 2012
  • Kaspersky Anti-Virus 2012

    • If a Kaspersky Lab product installed on your computer displays the error "Cannot set up server connection", then in order to resolve the problem, perform the following actions:

    1. Check whether your computer is not infected by networm Kido

    You can find detailed instructions on how to disinfect the networm in the article How to remove network worm Net-Worm.Win32.Kido (aka Conficker, Downadup).

    2. Check your Internet connection

    Check if you have the Internet access. In order to do so, launch the browser Internet Explorer and open the Kaspersky Lab web site.

    3. Configure your Firewall

    If Firewall is installed on your computer, make sure that an allowing rule is created for the process avp.exe in the Firewall settings.

    InformationFirewall secures your computer protection on local networks and Internet. Firewall is a program which monitors data transfered via Internet or local networks. According to the Firewall settings, it blocks or allows data transferring.

    4. Check the system date

    You can find detailed information on how to check the system date.

    5. Try to activate later

    If the recommendations described above did not help to resolve the problem, try to activate later (in about an hour).

    How to clean a home PC from network worm Net-Worm.Win32.Kido (aka Conficker, Downadup)

  • Kaspersky Internet Security 6.0/7.0/2009/2010/2011
  • Kaspersky Anti-Virus 6.0/7.0/2009/2010/2011
    • Brief description of the Net-Worm.Win32.Kido family
     
    • It creates files autorun.inf and RECYCLED\{SID<....>}\RANDOM_NAME.vmx on removable drives (sometimes on public network shares)
    • It stores itself in the system as a DLL file with a random name, for example, c:\windows\system32\zorizr.dll
    • It registers itself in system services with a random name, for example, knqdgsm
    • It tries to attack network computers via 445 or 139 TCP port, using MS Windows vulnerability MS08-067.
    • It tries to access the following websites in order to learn the external IP address of the infected computer (we recommend configuring a network firewall rule to monitor connection attempts to these websites):

    Symptoms of a network infection

     

    • Anti-Virus product with enabled Intrusion Detection System informs of the attack Intrusion.Win.NETAPI.buffer-overflow.exploit

      Important!
       InformationMultiple repeating attack alerts proof that the remote computer (its address is reported in the alert) is infected. It is necessary to disnifect it, if possible.

       
    • It is impossible to access websites of the majority of antivirus companies, e.g. avira, avast, esafe, drweb, eset, nod32, f-secure, panda, kaspersky, etc.
    • An attempt to activate Kaspersky Anti-Virus or Kaspersky Internet Security with an activation code at a computer infected with the Net-Worm.Win32.Kido network worm may result in abnormal termination and output one of the following errors:
    • Activation procedure completed with system error 2.
    • Activation error: Server name cannot be resolved.
    • Activation error. Unable to connect to server. 

    InformationIf Kaspersky Anti-Virus/ Kaspersky Internet Security keeps reporting activation errors during activation on a computer not infected with Net-Worm.Win32.Kido, please refer to the Useful Links. It contains descriptions of possible activation errors.


    Protection measures

    MS Windows 95/MS Windows 98/MS Windows ME operating systems cannot be infected with this network worm.

     

    You are recommended to do the following on all hosts to prevent workstations and file servers from getting infected with the worm:

    1. Install Microsoft patches MS08-067, MS08-068, MS09-001 (on these pages you will have to select which operating system is installed on the infected PC, download corresponding patch and install it).
       
    2. Disable autorun of executable files on removable drives:

       
      1. download the utility KidoKiller (kk.zip) and extract it, for example, to disk C:
         
      2. open command line prompt:

         
        1. Windows Vista: Start > All programs > Standard > Run > type in cmd > press Enter.
        2. Windows XP/Server: Start > Run > type in cmd > Press Enter.

           
      3. run the file kk.exe with switch -a:
        • specify path to the file kk.exe.

          For example, if it is located on disk C:\, you should use the following the command:
          C:\kk.exe -a

           
        • press Enter.

    Methods of disinfection
     

    1. Download the archive kk.zip and extract the contents into a folder on the infected PC
       
    2. Disable the component File Anti-Virus of the Kaspersky Anti-Virus for run time of the utility if you have one of the following Kaspersky Lab applications installed on the infected PC:

      - Kaspersky Internet Security 2011;
      - Kaspersky Anti-Virus 2011;
      - Kaspersky Internet Security 2010;
      - Kaspersky Anti-Virus 2010;
      - Kaspersky Internet Security 2009;
      - Kaspersky Anti-Virus 2009;
      - Kaspersky Internet Security 7.0;
      - Kaspersky Anti-Virus 7.0;
      - Kaspersky Internet Security 6.0;
      - Kaspersky Anti-Virus 6.0.
       
    3. Run the file kk.exe

      If you run the kk.exe file without any switches, the utility will put a stop to active infection (kill threads and remove hooks), perform a memory scan and a scan of critical areas vulnerable to infection, clean up the registry, and scan flash drives.
       
    4. Wait till the scanning is complete.

      Warning If Agnitum Outpost Firewall is installed on the computer where the utility KidoKiller has been launched, it is necessary to reboot the PC after the utility finishes its work.
       
    5. Perform a full scan of your computer with Kaspersky Anti-Virus.

    Switches to run the file kk.exe from the command prompt

    Switch Description
    -f Scan hard disks.
    -n Scan network drives.
    -r Scan flash drives, scan removable hard  USB and FireWire disks.
    -y End program without pressing any key.
    -s Silent mode (without a black window)
    -l <file name> Write info into a log.
    -v Extended log maintenance (the switch -v works only in combination with the -l switch).
    -z Restore the following services:
    • Background Intelligent Transfer Service (BITS),
    • Windows Automatic Update Service (wuauserv),
    • Error Reporting Service (ERSvc/WerSvc),
    • Windows Defender (WinDefend),
    • Windows Security Center Service (wscsvc).
    -x Restore display of hidden system files.
    -a Disable autorun from all drives.
    -m Monitoring mode to protect the system from getting infected.
    -j Restore the registry branch SafeBoot (if the registry branch is deleted, computer cannot boot in Safe Mode).
    -help Show additional information about the utility.
     

    For example, in order to scan a flash drive and write a detailed log into the file report.txt (which will be created in the setup folder of the file kk.exe), use the following command:

    KK.exe -r -y -l report.txt -v

    in order to scan another disk or partition, D for example:

    KK.exe -p D:\