Remove Win32.Kbot

Win32.Kbot is a backdoor Trojan, one of many look-alike threats that invade systems. It is a Windows PE EXE file, 12787 bytes in size. Once launched, it copies its executable file to the Windows system directory as %System%\mssrv32.exe.

It then creates a phony “Microsoft security update service”. Once this is clicked, it automatically launches the backdoor’s executable file each time Windows starts up. The following registry key is created: [HKLM\SYSTEM\CurrentControlSet\Services\msupdate]

AKA:
PWS-Zbot,
Generic!Artemis,
Winfixer,
Trojan.Crypt.ZPACK.Gen,
WinFixer.QR,
BKDR_KBOT.CI,
not-a-virus:Downloader.Win32.WinFixer.jf,
not-a-virus:Downloader.Win32.WinFixer.ld,
not-a-virus:FraudTool.Win32.BestSeller.i,
not-a-virus:Downloader.Win32.WinFixer.t,
Win32/Adware.DriveCleaner

Related Files:
N/A

Recommended Action:
Remove at once.

To clear your system of Win32.Kbot, use Task Manager to end all of the program’s processes. Then delete the original backdoor file, and finally delete the following system registry key: [HKLM\SYSTEM\CurrentControlSet\Services\msupdate]
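The manual steps above can be scripted. The following PowerShell is an added example, not part of the original page or any vendor tool: it reports the two artifacts named here and removes them only when `-Remove` is given. It assumes PowerShell 5.1 in an elevated session; the `-Remove` switch and all variable names are the example's own.

```powershell
# Added example, not from the original page. Run from an elevated, native (64-bit on
# 64-bit Windows) PowerShell 5.1 session. Add -Remove to clean up; -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

$svcName   = 'msupdate'                                                # service key name from the page
$svcKey    = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$exePath   = Join-Path ([Environment]::SystemDirectory) 'mssrv32.exe'  # %System%\mssrv32.exe
$knownSize = 12787                                                     # file size stated on the page

$findings = @()
if (Test-Path -LiteralPath $svcKey) {
    # ImagePath shows which binary the service starts at boot
    $imagePath = (Get-ItemProperty -LiteralPath $svcKey).ImagePath
    $findings += [pscustomobject]@{ Artifact = 'Service key'; Path = $svcKey; Detail = "ImagePath=$imagePath" }
}
if (Test-Path -LiteralPath $exePath -PathType Leaf) {
    $file = Get-Item -LiteralPath $exePath -Force
    $hash = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash  # keep for the incident record
    $findings += [pscustomobject]@{ Artifact = 'Executable'; Path = $exePath
        Detail = "Length=$($file.Length); SizeMatch=$($file.Length -eq $knownSize); SHA256=$hash" }
}

if (-not $findings) { 'No Win32.Kbot artifacts from this page were found.'; return }
$findings | Format-List

if ($Remove) {
    # 1. End the program's processes (stop the service first so it is not restarted)
    Get-Service -Name $svcName -ErrorAction SilentlyContinue |
        Where-Object Status -ne 'Stopped' | Stop-Service -Force
    Get-Process | Where-Object { $_.Path -eq $exePath } | Stop-Process -Force
    # 2. Delete the dropped executable
    if (Test-Path -LiteralPath $exePath) { Remove-Item -LiteralPath $exePath -Force }
    # 3. Delete the service registry key
    if (Test-Path -LiteralPath $svcKey) { Remove-Item -LiteralPath $svcKey -Recurse -Force }
}
```

A `SizeMatch=False` result means a file with the same name exists but differs from the size given here, so review the reported `ImagePath` and hash before using `-Remove`.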

For automatic removal, try ZookaWare PC Cleaner.

ZookaWare runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select ZookaWare and click Uninstall.

One Response

  1. Peter Murphy says:

    All my computers are now running like they’re all new! Thanks for an excellent product. SpyZooka is easy to use and I like it very much!
