“K0pL4xZ” Virus or VBWorm.QTT is computer virus that targeted on Microsoft Office files. This virus has been created using Visual Basic, Basically K0pL4xZ will change the icon and file type Microsoft Office.

To hiding K0pL4xZ will use Windows Media Player Classic icon, but if you always working carefully you will know this file type is .exe, OK let’s remove it.

Step to Remove K0pL4xZ Virus VBWorm.QTT

1. Disconnected your computer from network.

2. Turn off “System Restore” when in cleaning process.

3. Kill active virus process in your computer background using THIS 3rd tool.

4. Repair your registry using code below save it as repair.inf the right click on it choose install, or just download it HERE

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, “about:blank”
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, “Organization”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, “Owner”
HKLM, SOFTWARE\Classes\txtfile, FriendlyTypeName,0, “@C:\Windows\system32\notepad.exe,-469″
HKLM, SOFTWARE\Classes\Word.Document.8,,,”Microsoft Word Document”
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500 48383C9}\wordicon.exe,1″
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, “Microsoft PowerPoint Presentation”
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-015 0048383C9}\pptico.exe,1″
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,”Microsoft Excel Worksheet”
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500483 83C9}\xlicons.exe,1″
HKLM, SOFTWARE\Classes\Access.Application.11,,,”Microsoft Office Access Application”
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01 50048383C9}\accicons.exe,1″
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,”@ shell32.dll,-28964″

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName

5. Deleted file %systemroot%\Windows\desktop.ini using DOS prompt.

6. Find and deleted master files in hard disk and flash disk (if you use them), before you doing this set to show any hidden files in your computer.

Here the files list to deleted:

C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Winhelp.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea.exe
C:\Documents and Settings\%user%\My Documents\Jangan_Dihapus_Apalagi_Dibuka.exe
C:\Documents and Settings\%user%\Start Menu\Koplaxz Kudo Shop.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea..exe

C:\Windows
TourWindowsXP.exe
svchost.exe
Kudo.com
command32.pif
[email protected]

C:\F4HM1_KudO_M4n4j3r.exe
C:\G0d3G.exe
C:\[email protected]_i_miss_u.3gp.exe (All Drive)
C:\K0pL4xZ.exe
C:\K 0 P L 4 X Z.exe
C:\[email protected]oP.exe (All Drive)
C:\R0n13G4N_G3Ndut_S3xY.exe
C:\R3eve5.exe

C:\[email protected] (All Drive)
folder.htt
msvbvm60.dll
K0pL4xZ.exe

C:\[email protected]\K0pL4xZ.exe

C:\[spasi] WINDOWS\System_FriendZ_KopLaXz32
F4HM1_KudO_M4n4j3r.exe
G0d3G.exe
K 0 P L 4 X Z.exe
R0n13G4N_G3Ndut_S3xY
R3eve5.exe

C:\ [space] Windows\Zx4Lp0K.html
C:\WIndows\system32\smkn2majalengka.scr
C:\Windows\system32\PCMAV.exe
C:\Windows\system32\Asholest.exe
C:\Documents and Settings\%user%\SendTo\KoPLaXzKudo(e-mail).exe
C:\Autorun.inf (All Drive)
C:\Desktop.ini (All Drive)
C:\A Letter 4 [email protected] (All Drive)
C:\[email protected]_5h0P.txt
C:\Documents and Settings\All Users\Desktop\A Letter 4 [email protected]
C:\WIndows\desktop.ini

Next search any files which have same criteria below and deleted it.

  • Using Icon “Windows Media Player” clasic / 3GP Video Format
  • Size 31 KB
  • Using .EXE, .PIF, .COM and .SCR extension
  • Type file “Application”

7. Reboot your computer and checked with updated AntiVirus.

Similar Posts:

Related Search Terms:

  • file conversion wordicon exe
  • file conversion wordicon exe
  • cmd exe k start cmd exe virus
  • cmd exe k start cmd exe virus
  • virus that transforms xls files in exe
  • virus that transforms xls files in exe
  • virus semua icon word di desktop
  • file conversion pptico exe
  • remove cmd exe /k start cmd exe
  • virus semua icon word di desktop
  • removal virus shortcut mediaplayer classic
  • donwload format vshost
  • atasi microsoft office is not a valid win32 application
  • can not find script file "C:desktop ini"
  • atasi file excel file format or extension is not valid
  • pptico exe wordicon exe download
  • cara mengatasi excel is not valid win32
  • cara memperbaiki excel 2007 is not valid
  • explorer exe is not a valid win32 application windows
  • file conversion - xlicons exe
  • cara mengatasi excel not valid win32
  • cara mengatasi excel not valid win32
  • removal virus shortcut mediaplayer classic
  • donwload format vshost
  • atasi microsoft office is not a valid win32 application
  • can not find script file "C:desktop ini"
  • atasi file excel file format or extension is not valid
  • pptico exe wordicon exe download
  • remove cmd exe /k start cmd exe
  • cara memperbaiki excel 2007 is not valid
  • explorer exe is not a valid win32 application windows
  • file conversion - xlicons exe
  • cara mengatasi masalah c:documenst and settinguser is not a valid win32 application
  • file conversion pptico exe
  • cara mengatasi excel is not valid win32
  • cara mengatasi masalah c:documenst and settinguser is not a valid win32 application
    Digg Del.icio.us StumbleUpon Reddit Twitter RSS

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!