FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Kinza.exe





Vermin
I am having problem with a virus named Kinza or something like that. It came to my computer through my flash drive which my friend used. My Procmon shows the virus but i can't delete it. Once, i opened in safe mode and delete it but it again reappeared when i started my computer in normal mode. Can anyone please help me? Sad
KHO
Kinza
Information
i. It make Computer too Slow.
ii. It makes stop response or restrict TaskManager, Regedit, CMD, Msconfig, Group
iii. Policies.Some Windows tools like Like TaskManager, Regedit suddenly gets closed or open for few second Like TaskManager, Regedit, etc.
iv. FolderOptions is Disable from Windows Explorer
v. It hide the hidden files.
vi. It extract itself and create lot of exe, dll, boot.vbs files
Precaution
1. Dont run in COMMAND.COM, It only run cmd.com
2. It only work on windows XP or latest Version

Source
i. Main source is Internet.
ii. Pen Drive which have Kinza.exe infected.
iii. CD which have Kinza.exe infected.

and Extract it.
ii. Turn off the System Restore point.
iii. Restart the computer the computer in Safemode.
iv. double click ssvichosst.bat from the extracted file.
iv. Delete temp file and internet temp file.
v. Restart the computer.
Now your PC is free from kinza.exe
aningbo
the guy above has given the detail info bt then m wondering what kinda anti virus do u have that its not letting u delete/remove the virus!
RiCtee
Quote:
iv. double click ssvichosst.bat from the extracted file.

And where do you get that bat file?

A quick scan with Spybot - Search & Destroy would do the trick (assuming you haven't tried it).
kansloos
Kinza.exe is likely not to be the only part of the virus. Else it wouldn't reappear

Have you already tried one of the many free virus scanners out there on the internet?
Avira Antivir, for example is a good one.

If that don't help, you can try to sweep your computer clean with a knoppix live cd and avast! linux home editon virusscanner.

Avira Antivir - http://www.free-av.com/
Knoppix - www.knopper.net
Avast - http://www.avast.com
Pokhara
Kinza virus is a not very dangerous spyware. It's main icon is like a setup program and it's name is kinza.exe. It creates boot.vbs file in the system directory and then loads it every time the windows starts. The file is a virus script. There are more than 6 files of the virus in the system directory. For eg dxdlg.exe, kinza.exe,e.t.c. Set the property of boot.vbs file to modifyable and then edit the file. Delete all the text in the file and write "END" in the file. than restart the computer. The virus is not gone but it disabled now and it cannot do any harm to your computer and it cannot replicate. But don't delete the boot.vbs file
bulek
Install Avira Antivir and run it in Safe mode. That should delete it.
neolite
Kinza virus has too many instances in the system directory. Emptying the boot.vbs file in system directory should work but it will not delete the virus as there are other instances like dxdlg.exe, imapd.exe, e.t.c
neolite
Kinza virus has too many instances in the system directory. Emptying the boot.vbs file in system directory should work but it will not delete the virus as there are other instances like dxdlg.exe, imapd.exe, e.t.c
neolite
Hey, i found a new technique to remove kinza. This completely removes kinza virus from your system. Just create a file named a.bat. Open it using notepad and paste the following code there

--------------------------copy from below line--------------------------------
cd\
taskkill /f /im wproxp.exe
taskkill /f /im isetup.exe
taskkill /f /im imapd.exe
taskkill /f /im dxdlg.exe
taskkill /f /im imapdb.exe
taskkill /f /im imapd.exe
taskkill /f /im imapdb.exe
taskkill /f /im scvvhsot.exe
taskkill /f /im wscript.exe
taskkill /f /im Kinza.exe

reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisbleRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0

del /a /f /s boot.vbs
del /a /f /s wproxp.exe
del /a /f /s isetup.exe
del /a /f /s imapd.exe
del /a /f /s ActMon.ini
del /a /f /s dxdlg.exe
del /a /f /s imapde.dll
del /a /f /s imapdd.dll
del /a /f /s imapdc.dll
del /a /f /s imapdb.exe
del /a /f /s imapd.exe
del /a /f /s imapdb.dll
del /a /f /s imapdb.exe
del /a /f /s Kinza.exe
del /a /f /s autorun.ini

-----------------------------copy till above line--------------------------
The kinza virus will be totally removed Very Happy Very Happy
aningbo
disabling autorun files from pendrive and cds and other removable drives is the best way to check virus this days...

hate it. the other possibility is never to double click on removable drive bt choose the "menu" from the address bar.

never double click any pendrives, floppies, cds... etc etc
Related topics
Calling Exe from Webbrowser
ads and .exe files
JAva HELP
elan.exe
How to make an execution file (*.exe) for java program?
explorer.exe
Run a exe file in HTML(not download, run it)
.EXE games in my website
BAT/CMD to EXE converter freeware?
.exe Files
jar to exe
svchost.exe
[var]Guia xa Edidión Hexadecimal Del Exe,Usando Diff Patcher
NTOSKRNL.EXE Missing
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.