Remove Kinza isetup virus from your computer.

Because i have been encountering a lots of computers with this virus these days i am compelled to write about it.I beg for your pardon for this one is not as organized as i would have liked it to be.

If you notice change in your pendrive or flash cards icon from the normal one to the one that resembles the "explorer.exe" or the "My computer" then you are infected with the virus. Ok lets get started.

It is a good idea to clean up temp files and turn off system restore for a while. I use ccleaner

If you have the virus running you won't be able to use task manager so i would recommend a download called process explorer and autoruns .Both are safe apps from sysinternals now accquired by microsoft.Just google search for it here on the box.

Extract it from zip file and double click "procexp.exe" .Now we will kill some processes.
Look for "wscript.exe" and right click then click kill process tree.kill any of these processes below if they are running just like you killed wscript.exe.

isetup.exe imapd.exe

be sure that any of these processes above are not running before proceding any further.

Now unhide the files in your computer by clicking tools->folder options->view->show hidden files and folders

Also uncheck Hide extentions from for known file types and Hide protected operating system files(Recommended) click yes when warning prompt shows up.
If you are unable to get hold of folder option then copy these lines of reg keys below to a notepad and save it as regfix.bat

reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisbleRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0

and then double click it. Now we delete the files. Click start menu->run and type system32 look for autorun.ini if exists delete it.from system32 delete these files from system32 folder


check if any of these files exist in the %SYSTEMROOT%\ that is windows folder also and delete if any.

Also go to %SYSTEMROOT%\system32\drivers\etc or C:\WINDOWS\system32\drivers\etc delete hints.exe or any other exe files that exist there.

Now click start menu->run and enter the other drive letters like
this way we can avoid the autorun to do the damage.
Double clicking would nullify all the thing we have done till now and u will have to do it from start.
Look for and delete autorun.inf and/or kinza.exe and/or isetup.exe and/or explorer.exe
Repeat the same thing in all the partitioned drives.Like c:,e:,f: if you have.
Clean your pen drive or flash card the same way.

You can disable the autorun by copying the following lines on to notepad saving it as auto.reg and double clicking it.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]@="@SYS:DoesNotExist"

Autorun was meant to simpify things for a user but it has turned out to be one of the biggest security blunders in microsoft os so disabling this feature is a sensible thing to do.

This should solve your problem if not write to me i will try to help.

You can remove Kinza/isetup virus with it

  1. aAkaR

    May 13, 2008 at 9:36 PM

    thank you very much bro for this tip.....

  1. Sheetal Thapaliya

    May 18, 2008 at 10:01 PM

    Its better to use Mr. Silicon's one click solution for removing kinza.exe... Download kinzaKiller from

  1. MangalMan

    May 21, 2008 at 11:05 PM

    Apparently newer version of kinza /isetup exist which i hadn't got the chance to analyze.I have written a small program which is in beta testing stage.I will be publishing it tomorrow so be patient until then.And KinzaKiller misses a lot of places as it turns out.

Post a Comment

Powered by Blogger.