Virus Removal Techniques
Special Case: Removing the Kinza virus

Initial symptoms:
- The removable drive (pen drive) is shown with the Windows Explorer (folder) icon instead of the usual drive icon

 
Source files on the system:
- %systemroot%\system32\boot.vbs
- %systemroot%\system32\imapd.exe and its variants
 
Removal
- Kill the processes dxdlg, wscript and imapd with Process Explorer
- Remove the entries boot.vbs, wproxp and imapd from the Logon tab of Autoruns
- Remove the files
%systemroot%\system32\wproxp.exe
%systemroot%\system32\imapd.exe
%systemroot%\system32\imapdb.exe
%systemroot%\system32\imapde.dll
%systemroot%\system32\imapdd.dll
%systemroot%\system32\imapdc.dll
%systemroot%\system32\imapdb.dll
%systemroot%\system32\Kinza.exe
- Some imapd variants cannot be deleted directly (the delete fails with "access denied" while the file is in use), but they can be renamed first and then deleted
 
Alternatively
- You can run the following commands from the command line or as a batch file
- Make sure the system is Windows XP: taskkill and reg are XP tools and the Winlogon Userinit and Shell values written below are XP's defaults, so on other versions (especially Windows 2000 and 98) running the script can leave you unable to log on again after you log out
 
rem Run from an administrator account on Windows XP. Start at the root of the
rem system drive so the recursive del lines below sweep the whole drive.
cd /d %systemdrive%\

rem Kill the worm's processes, including the wscript host that runs boot.vbs.
taskkill /f /im wproxp.exe
taskkill /f /im isetup.exe
taskkill /f /im imapd.exe
taskkill /f /im dxdlg.exe
taskkill /f /im imapdb.exe
taskkill /f /im scvvhsot.exe
taskkill /f /im wscript.exe
taskkill /f /im Kinza.exe

rem Restore the Winlogon values the worm hijacks to start itself at logon.
rem These are the Windows XP defaults; the trailing comma in Userinit is required.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe,"
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"

rem Disable AutoRun. NoDriveAutoRun is a REG_DWORD with one bit per drive letter
rem (0x3ffffff = A: to Z:); NoDriveTypeAutoRun 36 (0x24) covers removable drives
rem (0x04) and CD-ROMs (0x20).
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t REG_DWORD /v NoDriveAutoRun /f /d 0x3ffffff
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t REG_DWORD /v NoDriveTypeAutoRun /f /d 36

rem Re-enable Folder Options, the Registry Editor and Task Manager, which the worm disables.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t REG_DWORD /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableTaskMgr /f /d 0

rem Delete the dropped files wherever they are on the drive (/a matches hidden and
rem system files, /f forces read-only files, /s searches all subdirectories).
del /a /f /s boot.vbs
del /a /f /s wproxp.exe
del /a /f /s isetup.exe
del /a /f /s imapd.exe
del /a /f /s ActMon.ini
del /a /f /s dxdlg.exe
del /a /f /s imapde.dll
del /a /f /s imapdd.dll
del /a /f /s imapdc.dll
del /a /f /s imapdb.exe
del /a /f /s imapdb.dll
del /a /f /s Kinza.exe
rem autorun.inf (not .ini) is the file AutoRun reads. Run this line and the
rem Kinza.exe line against the pen drive as well, e.g. del /a /f /s E:\autorun.inf
del /a /f /s autorun.inf
- Open Notepad, paste the commands above and save the file as folder-virus-remover.bat
- Run the batch file by double-clicking it
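The registry values and the autorun file handling in the procedure above are easier to trust if you can see what they do. The following Python script is an added example, not part of the original page or of the kinza-remover tools: it decodes the NoDriveAutoRun drive-letter mask (0x3ffffff, all 26 letters) and the NoDriveTypeAutoRun value 36 set by the script, and analyses an autorun.inf (copied from the pen drive to any machine) for the icon-spoofing and launch directives that produce the folder-icon symptom listed under Initial symptoms. The sample autorun.inf embedded in it is constructed for illustration and is not a captured Kinza file, and the finding names (launch, icon-spoof, and so on) are this example's own.

```python
"""Decode the AutoRun policy masks and triage an autorun.inf (added example)."""
import re
import sys

# NoDriveTypeAutoRun (HKCU\...\Policies\Explorer): one bit per GetDriveType()
# result, bit = 1 << drive_type; 0x80 is the "unknown types" bit of the policy.
NODRIVETYPEAUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_UNKNOWN_TYPES",
}

# Directives that make Explorer run a program: on insertion (open/shellexecute)
# or when the drive icon is double-clicked (shell\<verb>\command).
LAUNCH_KEYS = ("open", "shellexecute")
LAUNCH_VERB_RE = re.compile(r"^shell\\([^\\]+)\\command$")


def decode_nodrivetypeautorun(value):
    """Drive types on which AutoRun is disabled by a NoDriveTypeAutoRun DWORD."""
    return [name for bit, name in sorted(NODRIVETYPEAUTORUN_BITS.items()) if value & bit]


def decode_nodriveautorun(value):
    """Drive letters on which AutoRun is disabled by a NoDriveAutoRun DWORD (bit 0 = A:)."""
    return [chr(ord("A") + i) for i in range(26) if value & (1 << i)]


def parse_autorun_inf(text):
    """Return the [autorun] section as a dict of lowercase key -> value.

    Hand-rolled rather than configparser because worm-written files contain junk
    lines, mixed-case section names and duplicate keys (the first occurrence is kept).
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff").strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries.setdefault(key.strip().lower(), value.strip())
    return entries


def analyse_autorun_inf(text):
    """Classify each directive by what it makes Explorer do; returns (kind, key, value) tuples."""
    findings = []
    for key, value in parse_autorun_inf(text).items():
        verb = LAUNCH_VERB_RE.match(key)
        if key in LAUNCH_KEYS:
            findings.append(("launch", key, value))
        elif verb:
            findings.append(("launch", "shell\\" + verb.group(1), value))
        elif key == "shell":
            findings.append(("default-verb", key, value))
        elif key == "icon":
            # A drive advertising a shell32.dll icon is impersonating a system
            # folder: the "Windows Explorer icon" symptom at the top of the page.
            kind = "icon-spoof" if "shell32.dll" in value.lower() else "icon"
            findings.append((kind, key, value))
        elif key == "useautoplay" and value == "1":
            findings.append(("autoplay-forced", key, value))
        elif key in ("action", "label"):
            findings.append((key, key, value))
    return findings


SUSPICIOUS_KINDS = {"launch", "default-verb", "icon-spoof", "autoplay-forced"}


def is_suspicious(findings):
    """True when the file would run a program or disguise the drive."""
    return any(kind in SUSPICIOUS_KINDS for kind, _, _ in findings)


# Constructed sample, not a captured Kinza file: the directive pattern that gives
# a pen drive a system folder icon and runs a dropped executable on double-click.
SAMPLE_AUTORUN_INF = """[AutoRun]
icon=%SystemRoot%\\system32\\SHELL32.dll,4
open=Kinza.exe
shell\\open\\Command=Kinza.exe
shell\\explore\\Command=Kinza.exe
shell=open
action=Open folder to view files
UseAutoPlay=1
label=My Files
"""

if __name__ == "__main__":
    # Optionally pass the path of an autorun.inf copied off the pen drive.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_AUTORUN_INF
    findings = analyse_autorun_inf(text)
    for kind, key, value in findings:
        print("%-16s %-14s %s" % (kind, key, value))
    print("suspicious:", is_suspicious(findings))
    print("NoDriveTypeAutoRun=36 disables AutoRun on:", decode_nodrivetypeautorun(36))
    print("NoDriveAutoRun=0x3ffffff disables AutoRun on:", "".join(decode_nodriveautorun(0x3FFFFFF)))
```

Run it with no arguments to see the constructed sample classified, or pass the path of an autorun.inf copied from the pen drive. A legitimate vendor autorun.inf that only sets a label and its own .ico file produces no suspicious finding; anything that launches a program or borrows a shell32.dll icon does.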
 
Kinza-specific removal tools (downloads):
- kinza-remover (Windows XP only)
- isetup-remover (Windows XP only)
