Remove Kinza isetup virus from your computer.
Because I have been encountering a lot of computers with this virus these days, I am compelled to write about it. I beg your pardon, for this one is not as organized as I would have liked it to be.
If you notice a change in your pen drive's or flash card's icon from the normal one to one that resembles "explorer.exe" or "My Computer", then you are infected with the virus. OK, let's get started.
It is a good idea to clean up temp files and turn off System Restore for a while. I use CCleaner.
If you have the virus running you won't be able to use Task Manager, so I would recommend downloading Process Explorer and Autoruns. Both are safe apps from Sysinternals, now acquired by Microsoft. Just Google search for them here on the box.
Extract it from the zip file and double-click "procexp.exe". Now we will kill some processes.
Look for "wscript.exe", right-click it, then click Kill Process Tree. Kill any of the processes below if they are running, just like you killed wscript.exe.
wproxp.exe
isetup.exe
imapd.exe
dxdlg.exe
kinza.exe
imapdb.exe
imapdc.exe
scvvhsot.exe
blastclnnn.exe
Be sure that none of the processes above are running before proceeding any further.
Now unhide the files on your computer by clicking Tools -> Folder Options -> View -> Show hidden files and folders.
Also uncheck "Hide extensions for known file types" and "Hide protected operating system files (Recommended)"; click Yes when the warning prompt shows up.
If you are unable to get to Folder Options, copy the reg commands below into Notepad and save the file as regfix.bat
rem Restore the default Winlogon Userinit and Shell values
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe,"
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
rem Re-enable Folder Options, the registry editor and Task Manager for the current user
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t REG_DWORD /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableTaskMgr /f /d 0
and then double-click it. Now we delete the files. Click Start menu -> Run and type system32. Look for autorun.ini and, if it exists, delete it from the system32 folder. Now delete these files from the system32 folder:
boot.vbs
wproxp.exe
isetup.exe
imapd.exe
ActMon.ini
dxdlg.exe
imapde.dll
imapdd.dll
imapdc.dll
imapdb.exe
imapd.exe
imapdb.dll
imapdb.exe
blastclnnn.exe
Check whether any of these files also exist in %SYSTEMROOT%\ (that is, the Windows folder) and delete any that do.
Also go to %SYSTEMROOT%\system32\drivers\etc or C:\WINDOWS\system32\drivers\etc and delete hints.exe or any other exe files that exist there.
Now click Start menu -> Run and enter the other drive letters, like
d:
Opening a drive this way keeps autorun from doing the damage.
Double-clicking the drive would undo everything we have done so far, and you would have to start over.
Look for and delete autorun.inf and/or kinza.exe and/or isetup.exe and/or explorer.exe.
Repeat the same thing on all the partitioned drives, like c:, e:, f:, if you have them.
Clean your pen drive or flash card the same way.
You can disable autorun by copying the following lines into Notepad, saving the file as auto.reg and double-clicking it.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Autorun was meant to simplify things for the user, but it has turned out to be one of the biggest security blunders in the Microsoft OS, so disabling this feature is a sensible thing to do.
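To check afterwards that nothing from the lists above is left behind, here is a read-only PowerShell check. It is an added example, not part of the original post; it assumes PowerShell is installed, and the function name Get-KinzaLeftover is made up for this example.

```powershell
# Read-only check: reports leftovers, deletes and changes nothing.
# All names come from the lists in this post; Get-KinzaLeftover is a hypothetical name.
$procNames = 'wscript','wproxp','isetup','imapd','dxdlg','kinza','imapdb','imapdc','scvvhsot','blastclnnn'
$fileNames = 'autorun.ini','boot.vbs','wproxp.exe','isetup.exe','imapd.exe','ActMon.ini','dxdlg.exe',
             'imapde.dll','imapdd.dll','imapdc.dll','imapdb.dll','imapdb.exe','blastclnnn.exe'
$rootNames = 'autorun.inf','kinza.exe','isetup.exe','explorer.exe'

function Get-KinzaLeftover {
    # wscript is the legitimate Windows Script Host; it is listed because the post kills it first.
    foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
        "process running: $($p.Name) (PID $($p.Id))"
    }
    # Listed files in system32 and in the Windows folder (Test-Path also sees hidden files).
    foreach ($dir in "$env:SystemRoot\system32", $env:SystemRoot) {
        foreach ($name in $fileNames) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path) { "file present: $path" }
        }
    }
    # Any .exe in drivers\etc, hidden ones included.
    Get-ChildItem "$env:SystemRoot\system32\drivers\etc" -Filter *.exe -Force -ErrorAction SilentlyContinue |
        ForEach-Object { "exe in drivers\etc: $($_.FullName)" }
    # Root of every drive, including pen drives that are plugged in.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        foreach ($name in $rootNames) {
            $path = Join-Path $drive.Root $name
            if (Test-Path -LiteralPath $path) { "file in drive root: $path" }
        }
    }
    # Policy values that regfix.bat sets back to 0.
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
    $checks = @("$pol\Explorer",'NoFolderOptions'), @("$pol\System",'DisableRegistryTools'), @("$pol\System",'DisableTaskMgr')
    foreach ($v in $checks) {
        $val = (Get-ItemProperty -Path $v[0] -Name $v[1] -ErrorAction SilentlyContinue).($v[1])
        if ($val) { "policy still set: $($v[1]) = $val" }
    }
    # Winlogon values that regfix.bat restores.
    $wl = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.Shell -ne 'explorer.exe') { "Winlogon Shell = $($wl.Shell)" }
    if ($wl.Userinit -ne "$env:windir\system32\userinit.exe,") { "Winlogon Userinit = $($wl.Userinit)" }
    # Mapping written by auto.reg.
    $map = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
    $def = (Get-ItemProperty $map -ErrorAction SilentlyContinue).'(default)'
    if ($def -ne '@SYS:DoesNotExist') { 'autorun.inf mapping from auto.reg is not in place' }
}

$left = @(Get-KinzaLeftover)
if ($left.Count) { $left } else { 'No leftovers from the lists in this post were found.' }
```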
This should solve your problem; if not, write to me and I will try to help.
Update!!!!!!!!: AntiKinza tool released, see here
You can remove the Kinza/isetup virus with it.
Anonymous
May 13, 2008 at 9:36 PM
thank you very much bro for this tip.....