“K0pL4xZ” Virus or VBWorm.QTT is computer virus that targeted on Microsoft Office files. This virus has been created using Visual Basic, Basically K0pL4xZ will change the icon and file type Microsoft Office.

To hiding K0pL4xZ will use Windows Media Player Classic icon, but if you always working carefully you will know this file type is .exe, OK let’s remove it.

Step to Remove K0pL4xZ Virus VBWorm.QTT

1. Disconnected your computer from network.

2. Turn off “System Restore” when in cleaning process.

3. Kill active virus process in your computer background using THIS 3rd tool.

4. Repair your registry using code below save it as repair.inf the right click on it choose install, or just download it HERE

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, “about:blank”
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0×00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, “Organization”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, “Owner”
HKLM, SOFTWARE\Classes\txtfile, FriendlyTypeName,0, “@C:\Windows\system32\notepad.exe,-469″
HKLM, SOFTWARE\Classes\Word.Document.8,,,”Microsoft Word Document”
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500 48383C9}\wordicon.exe,1″
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, “Microsoft PowerPoint Presentation”
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-015 0048383C9}\pptico.exe,1″
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,”Microsoft Excel Worksheet”
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500483 83C9}\xlicons.exe,1″
HKLM, SOFTWARE\Classes\Access.Application.11,,,”Microsoft Office Access Application”
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01 50048383C9}\accicons.exe,1″
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0×00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0×00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,”@ shell32.dll,-28964″

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName

5. Deleted file %systemroot%\Windows\desktop.ini using DOS prompt.

6. Find and deleted master files in hard disk and flash disk (if you use them), before you doing this set to show any hidden files in your computer.

Here the files list to deleted:

C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Winhelp.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea.exe
C:\Documents and Settings\%user%\My Documents\Jangan_Dihapus_Apalagi_Dibuka.exe
C:\Documents and Settings\%user%\Start Menu\Koplaxz Kudo Shop.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea..exe

C:\Windows
TourWindowsXP.exe
svchost.exe
Kudo.com
command32.pif
KopLaXz@KudoShop.exe

C:\F4HM1_KudO_M4n4j3r.exe
C:\G0d3G.exe
C:\Ghe@_i_miss_u.3gp.exe (All Drive)
C:\K0pL4xZ.exe
C:\K 0 P L 4 X Z.exe
C:\KopLaXz@KudoShoP.exe (All Drive)
C:\R0n13G4N_G3Ndut_S3xY.exe
C:\R3eve5.exe

C:\K0pL4xZ@KudoShop (All Drive)
folder.htt
msvbvm60.dll
K0pL4xZ.exe

C:\K0pl4xZ@KudoShop\K0pL4xZ.exe

C:\[spasi] WINDOWS\System_FriendZ_KopLaXz32
F4HM1_KudO_M4n4j3r.exe
G0d3G.exe
K 0 P L 4 X Z.exe
R0n13G4N_G3Ndut_S3xY
R3eve5.exe

C:\ [space] Windows\Zx4Lp0K.html
C:\WIndows\system32\smkn2majalengka.scr
C:\Windows\system32\PCMAV.exe
C:\Windows\system32\Asholest.exe
C:\Documents and Settings\%user%\SendTo\KoPLaXzKudo(e-mail).exe
C:\Autorun.inf (All Drive)
C:\Desktop.ini (All Drive)
C:\A Letter 4 Ghe@.txt (All Drive)
C:\K0pL4xZ@kUdO_5h0P.txt
C:\Documents and Settings\All Users\Desktop\A Letter 4 Ghe@.inf
C:\WIndows\desktop.ini

Next search any files which have same criteria below and deleted it.

• Using Icon “Windows Media Player” clasic / 3GP Video Format
• Size 31 KB
• Using .EXE, .PIF, .COM and .SCR extension
• Type file “Application”

7. Reboot your computer and checked with updated AntiVirus.

SIMILAR POST :

• Remove W32/VBWorm.QXE (bulubebek)
• Remove virus AMBURADUL (all varian)
• HOW TO: Remove Facebook Virus W32/Obfuscated.D2!genr
• Remove MaHaDeWa VBS.Autorun.AM

Incoming search terms:

• file conversion wordicon exe
• virus mpc shortcuts
• cmd exe k start cmd exe virus
• file conversion - wordicon exe
• virus icon word
• virus that transforms xls files in exe
• file conversion wordicon exe?
• removing virus word document 8
• cara memperbaiki Ms offiice 2007 yang setup exe is not a valid win32 application
• mengatasi mydocument not a valid win32 aplication
• site:istanto net
• removal virus shortcut mediaplayer classic
• virus media player icons
• virus icons change to word format
• virus icone word
• remove cmd exe /k start cmd exe
• remove virus make exe to word
• virus cmd exe /k start cmd exe
• remove-k0pl4xz-virus-vbwormqtt
• virus all icons replace by media player classic
• video0029 3gp virus
• txtfile friendlytypename notepad
• qtt exe
• virus new 3gp
• vps oft file format is not valid
• what type of virus that convert media player classic files to exe
• when i open 2010 microsoft a menu file conversion wordicon exe
• Which virus can change the format?
• word 2007 file conversion wordicon exe
• word 2010 file conversion wordicon exe
• wordicon exe file conversion
• xlicon virus
• virus wordicon cara mengatasinya
• virus word document 8
• virus news 3gp
• virus remove alternate shell cmd exe
• virus semua icon word di desktop
• virus shortcut windows media player
• virus sukabumi 3gp
• virus that transforms folders to exe files
• virus winlogon removal tools
• virus winlogon shell cmd exe /k start cmd exe
• xlicons exe office 2007 uninstall
• pptico exe wordicon exe download
• New 3gp xww
• cara mengatasi virus shortcut media player classic
• cara mengatasi player error
• cara mengatasi masalah c:\documenst and setting\user\ is not a valid win32 application
• cara mengatasi k0pl4xz
• cara mengatasi excel not valid win32
• cara mengatasi excel is not valid win32
• cara mengatasi excel cannot open the file because the file format or file extension is not valid
• cara mengatasi cmd not valid
• cara mengatasi cmd is not valid win32
• cara memperbaiki setup exe is not a valid win32 application
• cara memperbaiki excel 2007 is not valid
• can not find script file "C:\desktop ini"
• atasi microsoft office is not a valid win32 application
• atasi file excel file format or extension is not valid
• antivirus untuk virus shortcut media player classic
• all shortcuts associated to open windows media player changed by virus
• cara mengembalikan file excel yang file format is not valid
• cara menghilangkan windows cannot find vshost exe
• cara virus k0pl4xz
• microsoft wordicon exe virus
• microsoft office 2010 virus get file conversion wordicon exe
• mengembalikan explorer exe is not a valid win32 application
• mengatasi xls is not a valid win32 application
• mengatasi virus shourt media classic
• mengatasi microsoft excel yang invalid win32
• mengatasi error MSVBVM60 DLL
• howto remove xlicons
• how to remove virus media player classic icon
• file conversion pptico exe
• file conversion - xlicons exe
• explorer exe is not a valid win32 application windows
• download virus Virus K0pL4xZ
• donwload format vshost
• cmd exe /k start cmd exe virus
• cmd exe /k start cmd exe
• accicons exe removal tool

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Saturday, April 4th, 2009 at 9:40 AM and is filed under Computer And Internet, Miscellaneous, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.