bo427543-z.exe trojan

Discussion in 'malware problems & news' started by Akuen, Nov 20, 2002.

Thread Status:
Not open for further replies.
  1. Akuen

    Akuen Guest

    I am using "the cleaner" to stop this program (bo427543-z.exe) from running (it says it is a Kuang trojan, but cannot remove it), but I can't find any info on what is copying the file. I am using win98, and I have searched my registry for keys Kuang is known to use, but found none. Anyone that could help me, please e-mail or post. Thanks.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002 | Posts: 13,312 | Location: Netherlands

    Hi Akuen,

    Can you see if this is the one?
    http://www3.ca.com/virusinfo/Virus.asp?ID=9787
    If this does not provide enough info to remove the trojan, please go to our downloads-section: http://www.wilders.org/downloads.htm and download startuplist.zip
    Unzip and run the program and copy and paste the results in your next post. If there is anything in there you don't want the world to know about, you're welcome to mail or IM it to me.

    Regards,

    Pieter
     
  3. Akuen

    Akuen Guest

    Thank you for responding so quickly. I could not find that registry entry either, so I have sent you my startuplist file via email.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002 | Posts: 13,312 | Location: Netherlands

    Well, it wasn't that trojan. I know that much.
    Does Trojan Hunter recognize that file at all?
    What I'd like you to do first:
    Go to Internet Options > Temp. Internet Files > Settings > Show Objects, and examine all ActiveX objects you see there. Right-click them to see the properties. Remove everything that wasn't put there by Microsoft, Macromedia or Outpost.
    Then look for this file C:\WINDOWS\WININIT.INI and remove this entry:
    [rename]
    C:\WINDOWS\BO4275~1.TCF=C:\WINDOWS\BO4275~1.EXE
    Next take a look in Config screen > Add/remove software if there are entries left of Newdotnet aka New.Net and remove these if present (don't think so, just to make sure)
    Then go back to our downloads section and grab a copy of Adaware or Spybot S&D (preferably both) and let these programs clean your computer of the remnants of spy-ware.
    After rebooting you should be able to remove the file.
    That should do the trick :)

    Pieter
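
An added example, not part of the thread and not any poster's tool: on Windows 9x, WININIT.EXE processes each `[rename]` line of WININIT.INI at boot as `destination=source`, and a `NUL` destination deletes the source. The sketch below lists those pending operations and flags the ones that touch executables; the function names, extension list and every sample line except the `BO4275~1` entry quoted in the post are constructed for illustration.

```python
# Added example (not from the thread): audit a Win9x WININIT.INI [rename] section.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".dll", ".vxd"}  # assumed list

# Constructed sample; only the BO4275~1 line is the entry quoted in the post.
SAMPLE = r"""
[rename]
NUL=C:\WINDOWS\TEMP\OLDFILE.TMP
NUL=C:\WINDOWS\TEMP\OLDFILE2.TMP
C:\WINDOWS\BO4275~1.TCF=C:\WINDOWS\BO4275~1.EXE
C:\WINDOWS\SYSTEM\EXAMPLE.EXE=C:\WINDOWS\TEMP\EXAMPLE.TMP
"""

def parse_rename_section(text):
    """Return (destination, source) pairs from [rename], in file order.

    Parsed by hand: NUL= keys repeat, and paths contain ':' which
    configparser would treat as a key/value delimiter.
    """
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            ops.append((dest.strip(), src.strip()))
    return ops

def ext(path):
    """Lower-cased extension of the file name part of a DOS path."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""

def classify(dest, src):
    if dest.upper() == "NUL":
        return "delete"                    # source is removed at boot
    if ext(dest) in EXEC_EXTS:
        return "creates-executable"        # a runnable file appears at dest
    if ext(src) in EXEC_EXTS:
        return "renames-executable-away"   # a runnable file is moved aside
    return "other"

def audit(text):
    return [(classify(d, s), d, s) for d, s in parse_rename_section(text)]

if __name__ == "__main__":
    for kind, dest, src in audit(SAMPLE):
        print(f"{kind:24} {src} -> {dest}")
```

For the entry quoted in the post, the audit reports that `BO4275~1.EXE` would be renamed to `BO4275~1.TCF` at the next boot.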
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002 | Posts: 2,080 | Location: Perth, Western Australia

    It might be that this is Kuang the virus, an extremely nasty specimen. Please email a copy to us at submit@diamondcs.com.au, and you will need a virus scanner to remove a viral infection (appends itself to lots of files).

    Actually the best way to remove Kuang the virus is with the Kuang client, connecting to yourself and then uninstalling the RAT/Virus.. this might be the way to go, I cannot provide you with this but I'm sure someone else can :D
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined: Jul 1, 2001 | Posts: 12,472 | Location: The Netherlands

    Agreed - as goes for many nasties like these ;)

    Most probably ;) - nevertheless, and for the record: no URLs to malware sites allowed over on this board. Anyone inclined, please use PM.

    regards.

    paul
     