Steps to remove the virus Khatarnak.exe
Filed under Troubleshooting Khatarnak.exe
Oct 31
This virus uses a file name that is the name of a legitimate Windows process, so it is necessary to locate the file(s) using Process Explorer. Also note the path and file name of all files detected as WORM_AUTORUN.ACO. If the process you are looking for is not in the list displayed by Process Explorer, proceed to the succeeding solution set.
- Download Process Explorer.
- Extract the contents of the compressed (ZIP) file to a location of your choice.
- Execute Process Explorer by double-clicking PROCEXP.EXE.
- In the Process Explorer window, locate the malware file(s) detected earlier.
- Right-click on the detected files, then click Kill Process Tree.
- Do the same for all detected malware files in the list of running processes.
- Close Process Explorer.
If the process you are looking for is not in the list displayed by Task Manager or Process Explorer, continue with the next solution procedure. If the malware process is in the list displayed by either Task Manager or Process Explorer, but you are unable to terminate it, restart your computer in safe mode.
Removing/Restoring Autostart Entries from the Registry
This solution deletes/modifies registry keys/entries added/modified by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs.
- Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
- In the left panel, double-click the following:
  HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
- In the right panel, locate the entry:
  Shell = "Explorer.exe KHATARNAK.exe"
- Right-click on the value name and choose Modify. Change the value data of this entry to:
  explorer.exe
- In the left panel, double-click the following:
  HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
- In the right panel, locate and delete the entry:
  KHATARNAK Loader = "%System%\KHATARNAK.exe"
  (Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
Removing Other Added Entries from the Registry
- Still in Registry Editor, in the left panel, double-click the following:
  HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>System
- In the right panel, locate and delete the following:
  DisableTaskMgr = "1"
- In the left panel, double-click the following:
  HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer
- In the right panel, locate and delete the following:
  NofolderOptions = "1"
- Close Registry Editor.
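The checks from the two registry procedures above, as an added PowerShell example that is not part of the original article: it reports whether each value the article names is present and, only when run with -Fix, exports the key and then applies the change the article describes. The -Fix switch, the backup file name and the match patterns are assumptions of this example.

```powershell
# Added example (not from the original article): audit the registry values named above.
# Run with -Fix from an elevated prompt to repair them; each key is exported first.
param([switch]$Fix)

$cv = 'Software\Microsoft\Windows\CurrentVersion'
# Bad    = data the article says the malware writes (pattern is this example's assumption).
# Action = what the article says to do with the value.
$checks = @(
    @{ Path = "HKLM:\$cv\Run";               Name = 'Shell';            Bad = 'KHATARNAK'; Action = 'Reset'  }
    @{ Path = "HKCU:\$cv\Run";               Name = 'KHATARNAK Loader'; Bad = 'KHATARNAK'; Action = 'Delete' }
    @{ Path = "HKCU:\$cv\Policies\System";   Name = 'DisableTaskMgr';   Bad = '^1$';       Action = 'Delete' }
    @{ Path = "HKCU:\$cv\Policies\Explorer"; Name = 'NofolderOptions';  Bad = '^1$';       Action = 'Delete' }
)

$n = 0
foreach ($c in $checks) {
    # A missing key or value yields $null instead of an error.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $data = if ($item) { [string]$item.($c.Name) } else { $null }

    if ($null -eq $data)         { $status = 'absent' }
    elseif ($data -match $c.Bad) { $status = 'FLAGGED' }
    else                         { $status = 'present, data does not match the article' }

    if ($Fix -and $status -eq 'FLAGGED') {
        # Back up the whole key before changing it (file name is hypothetical).
        $n++
        $backup = Join-Path $env:TEMP "khatarnak-backup-$n.reg"
        reg.exe export ($c.Path -replace ':', '') $backup /y | Out-Null

        if ($c.Action -eq 'Reset') {
            # The article's instruction: change the value data back to explorer.exe.
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value 'explorer.exe'
        } else {
            Remove-ItemProperty -Path $c.Path -Name $c.Name
        }
        $status = "fixed (backup: $backup)"
    }

    [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $data; Status = $status }
}
```

Without -Fix the script only reads the registry, so it can be run first to confirm which of the four values are actually present.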
4 Responses to “Steps to remove the virus Khatarnak.exe”
-
bhargav said on February 21st, 2009 at 1:18 pm
awesome job satish keep up the good work… u seem 2 be better than many antivirus solutions…:) thanks man
-
Satish Iyer said on February 21st, 2009 at 1:21 pm
You are welcome. I once had the same virus in my system. I had to follow those same steps.
-
ashenvi said on August 31st, 2009 at 9:01 am
Thanks satish
-
Anonymous said on November 24th, 2009 at 9:46 pm
http://www.satishmania.com is very informative. The article is very professionally written. I enjoy reading http://www.satishmania.com every day.