bo427543-z.exe trojan

Discussion in 'malware problems & news' started by Akuen, Nov 20, 2002.

Thread Status:
Not open for further replies.
  1. Akuen

    Akuen Guest

    I am using "the cleaner" to stop this program (bo427543-z.exe) from running, (it says it is a kuang trojan, but cannot remove it) but I can't find any info on what is copying the file. I am using win98, and I have searched my registry for keys Kuang is known to use, but found none. Anyone that could help me, please e-mail or post. Thanks.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Akuen,

    Can you see if this is the one?
    http://www3.ca.com/virusinfo/Virus.asp?ID=9787
    If this does not provide enough info to remove the trojan, please go to our downloads-section: http://www.wilders.org/downloads.htm and download startuplist.zip
    Unzip and run the program and copy and paste the results in your next post. If there is anything in there you don't want the world to know about, you're welcome to mail or IM it to me.

    Regards,

    Pieter
     
  3. Akuen

    Akuen Guest

    Thank you for responding so quickly. I could not find that registry entry either, so I have sent you my startuplist file via email.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Well, it wasn't that trojan. I know that much.
    Does Trojan Hunter recognize that file at all?
    What I'd like you to do first:
    Go to Internet Options > Temp. Internet Files > Settings > Show Objects, and examine all ActiveX objects you see there. Right-click them to see the properties. Remove everything that wasn't put there by Microsoft, Macromedia or Outpost.
    Then look for this file C:\WINDOWS\WININIT.INI and remove this entry:
    [rename]
    C:\WINDOWS\BO4275~1.TCF=C:\WINDOWS\BO4275~1.EXE
    Next take a look in Config screen > Add/remove software if there are entries left of Newdotnet aka New.Net and remove these if present (don't think so, just to make sure)
    Then go back to our downloads section and grab a copy of Adaware or Spybot S&D (preferably both) and let these programs clean your computer of the remnants of spy-ware.
    After rebooting you should be able to remove the file.
    That should do the trick :)

    Pieter
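
    [Added example, not part of Pieter's post: a small Python parser that lists the boot-time file operations queued in a Windows 9x WININIT.INI [rename] section, where each line reads DESTINATION=SOURCE and a destination of NUL means the source is deleted. The first sample line is the entry quoted above; the other lines and the function names are constructed for illustration.]

```python
# Windows 9x processes WININIT.INI [rename] lines at the next boot.
# Keys can repeat (several NUL= lines are common), so a generic INI
# parser that rejects or merges duplicate keys is not used here.

SAMPLE = r"""
[rename]
C:\WINDOWS\BO4275~1.TCF=C:\WINDOWS\BO4275~1.EXE
NUL=C:\WINDOWS\TEMP\OLD1.TMP
NUL=C:\WINDOWS\TEMP\OLD2.TMP
; constructed comment line
[other]
X=Y
"""  # first entry is from the thread; the rest is constructed sample data


def pending_operations(text):
    """Return the queued operations of the [rename] section, in file order."""
    ops = []
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if dest.upper() == "NUL":
            ops.append({"action": "delete", "source": src, "dest": None})
        else:
            ops.append({"action": "rename", "source": src, "dest": dest})
    return ops


def ops_touching(ops, name_fragment):
    """Select operations whose source or destination contains the fragment."""
    frag = name_fragment.upper()
    return [op for op in ops
            if frag in op["source"].upper() or frag in (op["dest"] or "").upper()]


if __name__ == "__main__":
    for op in pending_operations(SAMPLE):
        print(op["action"], op["source"], "->", op["dest"] or "(deleted)")
```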
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    It might be that this is Kuang the virus, an extremely nasty specimen. Please email a copy to us at submit@diamondcs.com.au, and you will need a virus scanner to remove a viral infection (appends itself to lots of files)

    Actually the best way to remove Kuang the virus is with the Kuang client, connecting to yourself and then uninstalling the RAT/Virus.. this might be the way to go, I cannot provide you with this but I'm sure someone else can :D
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Agreed - as goes for many nasties like these ;)

    Most probably ;) - nevertheless, and for the record: no URLs to malware sites allowed over on this board. Anyone inclined, please use PM.

    regards.

    paul
     