“K0pL4xZ” Virus or VBWorm.QTT is computer virus that targeted on Microsoft Office files. This virus has been created using Visual Basic, Basically K0pL4xZ will change the icon and file type Microsoft Office.

To hiding K0pL4xZ will use Windows Media Player Classic icon, but if you always working carefully you will know this file type is .exe, OK let’s remove it.

Step to Remove K0pL4xZ Virus VBWorm.QTT

1. Disconnected your computer from network.

2. Turn off “System Restore” when in cleaning process.

3. Kill active virus process in your computer background using THIS 3rd tool.

4. Repair your registry using code below save it as repair.inf the right click on it choose install, or just download it HERE

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, “about:blank”
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0×00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, “Organization”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, “Owner”
HKLM, SOFTWARE\Classes\txtfile, FriendlyTypeName,0, “@C:\Windows\system32\notepad.exe,-469″
HKLM, SOFTWARE\Classes\Word.Document.8,,,”Microsoft Word Document”
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500 48383C9}\wordicon.exe,1″
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, “Microsoft PowerPoint Presentation”
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-015 0048383C9}\pptico.exe,1″
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,”Microsoft Excel Worksheet”
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500483 83C9}\xlicons.exe,1″
HKLM, SOFTWARE\Classes\Access.Application.11,,,”Microsoft Office Access Application”
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01 50048383C9}\accicons.exe,1″
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0×00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0×00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,”@ shell32.dll,-28964″

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName

5. Deleted file %systemroot%\Windows\desktop.ini using DOS prompt.

6. Find and deleted master files in hard disk and flash disk (if you use them), before you doing this set to show any hidden files in your computer.

Here the files list to deleted:

C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Winhelp.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea.exe
C:\Documents and Settings\%user%\My Documents\Jangan_Dihapus_Apalagi_Dibuka.exe
C:\Documents and Settings\%user%\Start Menu\Koplaxz Kudo Shop.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea..exe

C:\Windows
TourWindowsXP.exe
svchost.exe
Kudo.com
command32.pif
KopLaXz@KudoShop.exe

C:\F4HM1_KudO_M4n4j3r.exe
C:\G0d3G.exe
C:\Ghe@_i_miss_u.3gp.exe (All Drive)
C:\K0pL4xZ.exe
C:\K 0 P L 4 X Z.exe
C:\KopLaXz@KudoShoP.exe (All Drive)
C:\R0n13G4N_G3Ndut_S3xY.exe
C:\R3eve5.exe

C:\K0pL4xZ@KudoShop (All Drive)
folder.htt
msvbvm60.dll
K0pL4xZ.exe

C:\K0pl4xZ@KudoShop\K0pL4xZ.exe

C:\[spasi] WINDOWS\System_FriendZ_KopLaXz32
F4HM1_KudO_M4n4j3r.exe
G0d3G.exe
K 0 P L 4 X Z.exe
R0n13G4N_G3Ndut_S3xY
R3eve5.exe

C:\ [space] Windows\Zx4Lp0K.html
C:\WIndows\system32\smkn2majalengka.scr
C:\Windows\system32\PCMAV.exe
C:\Windows\system32\Asholest.exe
C:\Documents and Settings\%user%\SendTo\KoPLaXzKudo(e-mail).exe
C:\Autorun.inf (All Drive)
C:\Desktop.ini (All Drive)
C:\A Letter 4 Ghe@.txt (All Drive)
C:\K0pL4xZ@kUdO_5h0P.txt
C:\Documents and Settings\All Users\Desktop\A Letter 4 Ghe@.inf
C:\WIndows\desktop.ini

Next search any files which have same criteria below and deleted it.

  • Using Icon “Windows Media Player” clasic / 3GP Video Format
  • Size 31 KB
  • Using .EXE, .PIF, .COM and .SCR extension
  • Type file “Application”

7. Reboot your computer and checked with updated AntiVirus.

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS

SIMILAR POST :

Incoming search terms:

  • file conversion wordicon exe
  • cmd exe k start cmd exe virus
  • file conversion - wordicon exe
  • file conversion wordicon exe?
  • virus that transforms xls files in exe
  • cara memperbaiki Ms offiice 2007 yang setup exe is not a valid win32 application
  • mengatasi mydocument not a valid win32 aplication
  • removing virus word document 8
  • virus media player icons
  • virus icon word
  • virus cmd exe /k start cmd exe
  • virus icone word
  • virus icons change to word format
  • virus all icons replace by media player classic
  • video0029 3gp virus
  • txtfile friendlytypename notepad
  • site:istanto net
  • remove-k0pl4xz-virus-vbwormqtt
  • remove cmd exe /k start cmd exe
  • removal virus shortcut mediaplayer classic
  • xlicons exe office 2007 uninstall
  • virus new 3gp
  • wordicon exe file conversion
  • word 2010 file conversion wordicon exe
  • word 2007 file conversion wordicon exe
  • Which virus can change the format?
  • when i open 2010 microsoft a menu file conversion wordicon exe
  • what type of virus that convert media player classic files to exe
  • vps oft file format is not valid
  • virus wordicon cara mengatasinya
  • virus word document 8
  • virus winlogon shell cmd exe /k start cmd exe
  • virus winlogon removal tools
  • virus that transforms folders to exe files
  • virus sukabumi 3gp
  • virus shortcut windows media player
  • virus semua icon word di desktop
  • virus remove alternate shell cmd exe
  • virus news 3gp
  • qtt exe
  • pptico exe wordicon exe download
  • New 3gp xww
  • cara mengembalikan file excel yang file format is not valid
  • cara mengatasi player error
  • cara mengatasi masalah c:\documenst and setting\user\ is not a valid win32 application
  • cara mengatasi excel not valid win32
  • cara mengatasi excel is not valid win32
  • cara mengatasi excel cannot open the file because the file format or file extension is not valid
  • cara mengatasi cmd not valid
  • cara mengatasi cmd is not valid win32
  • cara memperbaiki setup exe is not a valid win32 application
  • cara memperbaiki excel 2007 is not valid
  • can not find script file "C:\desktop ini"
  • atasi microsoft office is not a valid win32 application
  • atasi file excel file format or extension is not valid
  • antivirus untuk virus shortcut media player classic
  • all shortcuts associated to open windows media player changed by virus
  • cara menghilangkan windows cannot find vshost exe
  • cara virus k0pl4xz
  • microsoft wordicon exe virus
  • mengembalikan explorer exe is not a valid win32 application
  • mengatasi xls is not a valid win32 application
  • mengatasi virus shourt media classic
  • mengatasi microsoft excel yang invalid win32
  • mengatasi error MSVBVM60 DLL
  • howto remove xlicons
  • how to remove virus media player classic icon
  • file conversion pptico exe
  • file conversion - xlicons exe
  • explorer exe is not a valid win32 application windows
  • download virus Virus K0pL4xZ
  • donwload format vshost
  • cmd exe /k start cmd exe virus
  • cmd exe /k start cmd exe
  • accicons exe removal tool

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!


This entry was posted on Saturday, April 4th, 2009 at 9:40 AM and is filed under Computer And Internet, Miscellaneous, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.