House of Hackers

Hi guys,
At present khatra.exe is increasing its havoc.
When the virus is uploaded to any system, it creates .exe files named after the folders, along with the icon of the folder.
Later, when it reaches the Windows folder, it disables regedit and the Control Panel by resetting their registry values.

More havoc comes when the virus affects the whole disk; the disk becomes inaccessible.

The virus spreads mainly from shared folders or removable drives,
so be careful when sharing folders or using removable storage.

Can anyone tell how to defend against it and the concept of the virus??


Hi Toshu,

I think you have to install Avira AntiVir to protect your PC from that lovely virus. But before that you have to install Trojan Remover first and then scan the system fully. After this you can install Avira and you are free from that virus. You can download Avira from its own site.

This works on mine and my friend's PC and I hope it will work on your PC too.

Try this till the solution..!


Thanks for the information....
Are you from India?


THIS WILL HELP YOU! ENJOY!!


The processes are as follows:

KHATRA.EXE
gHost.exe
Xplorer.exe

Note: When you are infected, a message will be shown saying “You’ve files ready to be written to cd”, because this one copies the files to the CD-burning folder..!

AVG may not detect this.

You can remove this manually.

Log in in Safe Mode. If you have Linux it’ll be much easier. Kill the processes and delete the files using KillBox:

Xplorer.exe
KHATRA.exe
gHost.exe

Now delete its backup files; they may be present in:

\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\CD Burning\KHATRA.exe
\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\CD Burning\Autoplay.inF
\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\CD Burning\Default User.exe
\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\CD Burning\New Folder(3).exe
\Windows\Xplorer.exe
\Windows\KHATARNAKH.exe
\Windows\System32\KHATRA.exe
\Windows\System\gHost.exe
\Windows\inf\Autoplay.inF
\Windows\Tasks\At1.job

Also search for these files in %SystemDrive% and delete them too.

Your registry, process manager and cpanel will be disabled.

To enable registry Click Here

Install this inf file.

To enable process manager etc. Click Here

To enable c-panel

--------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

NoControlPanel
REG_DWORD (DWORD Value)
(0 = disable restriction, 1 = enable restriction)

Also search the registry for these files and remove the entries.

Also remove the .exe files…

One thing you have to keep in mind is that this virus creates some .cab files too, named
new-screamsaver.com, New Winzip File.cab, New Winrar archive, Youtube, supermodels, kavSetupEng3857,
mario675, New WinRAR archive, ft_antivirussetup6534, CyberWar, K.Backup, in your Windows directory.

Now restart….!

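
The file checks from the removal post above, as an added example that is not part of the original thread: a read-only Python scan of an offline Windows volume (for instance one mounted from Linux) that looks for the listed paths without regard to case, the three process names anywhere on the drive, and .exe files named after a sibling folder. The function names and the reason labels are assumptions of this example.

```python
import os
import sys

# Artifact paths listed in the removal post, relative to the Windows system drive.
CD_BURN = r"Documents and Settings\Default User\Local Settings\Application Data\Microsoft\CD Burning"
LISTED = [CD_BURN + "\\" + n for n in
          ("KHATRA.exe", "Autoplay.inF", "Default User.exe", "New Folder(3).exe")] + [
    r"Windows\Xplorer.exe", r"Windows\KHATARNAKH.exe", r"Windows\System32\KHATRA.exe",
    r"Windows\System\gHost.exe", r"Windows\inf\Autoplay.inF", r"Windows\Tasks\At1.job"]
PROCESS_NAMES = {"khatra.exe", "ghost.exe", "xplorer.exe"}  # process names from the post


def resolve_nocase(root, win_path):
    """Follow a Windows path one component at a time, ignoring case (needed on Linux mounts)."""
    cur = root
    for part in win_path.split("\\"):
        try:
            names = os.listdir(cur)
        except OSError:  # missing, unreadable, or not a directory
            return None
        hit = next((n for n in names if n.lower() == part.lower()), None)
        if hit is None:
            return None
        cur = os.path.join(cur, hit)
    return cur


def scan(root):
    """Return sorted (reason, path) findings under root. Nothing is modified or deleted.
    'folder-twin' is a heuristic: an .exe named after a folder in the same directory."""
    findings = set()
    for rel in LISTED:
        found = resolve_nocase(root, rel)
        if found and os.path.isfile(found):
            findings.add(("listed-path", found))
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name.lower())
            path = os.path.join(dirpath, name)
            if name.lower() in PROCESS_NAMES:
                findings.add(("process-name", path))
            elif ext == ".exe" and stem in folders:
                findings.add(("folder-twin", path))
    return sorted(findings)


if __name__ == "__main__":
    for reason, path in scan(sys.argv[1]):  # e.g. the mount point of the Windows volume
        print(reason, path)
```

A "folder-twin" hit only means the name pattern matches; check the file before removing anything.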

Yeah, even I tried and examined the functioning of the virus... even I got information like this, but not this elaborate....
Thanks for the support...


Thanks for the tip yo, the best defence is Linux :P As for the idea behind it, I have no idea.


Linux rules!!!!

© 2009 Created by pdp on Ning.