Remove kinza/isetup with AntiKinza tool
I just compiled something to kill kinza/isetup.The batch file solutions floating around in the web did not completely clean the virus.So i thought why not to write something.So i did.You can get it from bottom of this post.
I did a bit of research into how this particular virus acted.Apparently there are at least 3 known variant of this virus in the wild.Anti Virus programs detect only a portion of its installed or rather implanted files.Also they don't reverse the registry key changes.
In my case some memory corruption was also observed because of this virus in ctfmon.exe and explorer.exe processes.
I got messages like
"The instruction at "0*00a4143d" referenced memory at "0*00a4143d".The
memory could not be read ".
Whenever i wanted to shutdown.Clicking ok did let me shutdown though.
Warning:(This needs restart)
You have to run this AntiKinza file twice to completely get rid of the virus if you are running in Normal mode.In the first run you will have to restart your computer.Second run won't need
restart.Run this in safe mode to remove the virus without restart.
Please save all your important documents and file and close all the running applications before running this program.
I won't be responsible for any damages caused by your actions.
Read carefully.
Steps to be followed.(important:-Follow Step no.5 strictly in normal mode)
1)Double click AntiKinza.exe
You will be presented with this prompt.
2)Click OK if you're done as it says.
3)Second prompt tells you wheather or not your computer has the virus in your system
Click Yes if you want to clean it.Click No to exit.If Your computer does not have virus then another prompt will show up telling you that you don't have virus and if you want to disable your autorun feature?
Clicking here will disable autorun.Which is a recommended thing to do.Because increasing number of the viruses are resorting to use this path to get into your computer.
4)If you computer has virus and if you click yes in step 3) Virus cleaning willstart.
5)Next prompt will ask you if you are running antikinza for the first time in Normal mode.If this is the case click Yes.This will restart your computer.After restart you will have to run the antikinza one more time to completely remove kinza/isetup if you running it from Normal mode. Click no if you are running antikinza for the second time in normal mode.
6)Running antikinza from the safe mode would completely get you rid of thevirus in one run.Click No if you are running antikinza from safe mode.
Your IE homepage will be set to back2mangalman.blogspot.com if you agree to run this program.Do you think i should be hanged for doing this? Please comment.I had to spend
a lots of time come up with this.
I did a bit of research into how this particular virus acted.Apparently there are at least 3 known variant of this virus in the wild.Anti Virus programs detect only a portion of its installed or rather implanted files.Also they don't reverse the registry key changes.
In my case some memory corruption was also observed because of this virus in ctfmon.exe and explorer.exe processes.
I got messages like
"The instruction at "0*00a4143d" referenced memory at "0*00a4143d".The
memory could not be read ".
Whenever i wanted to shutdown.Clicking ok did let me shutdown though.
Warning:(This needs restart)
You have to run this AntiKinza file twice to completely get rid of the virus if you are running in Normal mode.In the first run you will have to restart your computer.Second run won't need
restart.Run this in safe mode to remove the virus without restart.
Please save all your important documents and file and close all the running applications before running this program.
I won't be responsible for any damages caused by your actions.
Read carefully.
Steps to be followed.(important:-Follow Step no.5 strictly in normal mode)
1)Double click AntiKinza.exe
You will be presented with this prompt.
2)Click OK if you're done as it says.
3)Second prompt tells you wheather or not your computer has the virus in your system
Click Yes if you want to clean it.Click No to exit.If Your computer does not have virus then another prompt will show up telling you that you don't have virus and if you want to disable your autorun feature?
Clicking here will disable autorun.Which is a recommended thing to do.Because increasing number of the viruses are resorting to use this path to get into your computer.
4)If you computer has virus and if you click yes in step 3) Virus cleaning willstart.
5)Next prompt will ask you if you are running antikinza for the first time in Normal mode.If this is the case click Yes.This will restart your computer.After restart you will have to run the antikinza one more time to completely remove kinza/isetup if you running it from Normal mode. Click no if you are running antikinza for the second time in normal mode.
6)Running antikinza from the safe mode would completely get you rid of thevirus in one run.Click No if you are running antikinza from safe mode.
Your IE homepage will be set to back2mangalman.blogspot.com if you agree to run this program.Do you think i should be hanged for doing this? Please comment.I had to spend
a lots of time come up with this.
This can be reversed any time you want from Internet
Explorer->tools->Internet options->General ->Home page.
Download AntiKinza here
Explorer->tools->Internet options->General ->Home page.
Download AntiKinza here
Anonymous
May 23, 2008 at 5:40 AM
you r doing grt man.