PDA

View Full Version : Manual Removal Guide for Killsoft.V2008


Friday
2008-11-28, 17:42
The following instructions have been created to help you to get rid of "Killsoft.V2008" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
malware

Description:
Killsoft.V2008 is hosted on Baidu servers, it installs normally but shows intentional false positives like non existent files.
Supposed Functionality:
Supposed to be a security tool.
Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.

Products that have a key or property named "完美卸载V2008_is1".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$PROGRAMFILES>\完美卸载V2008\ActionUP.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\ADS.CFG".
The file at "<$PROGRAMFILES>\完美卸载V2008\AlcwNetDrv.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\AlcwWmDrv.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\Alert.wav".
The file at "<$PROGRAMFILES>\完美卸载V2008\AutoDetect.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\AutoInst.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\CheckTrust.dll".
The file at "<$PROGRAMFILES>\完美卸载V2008\ChkDisk.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\CleanFav.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\CleanShortCuts.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\CleanShortCuts.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\DiskDrag.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\DlPatch.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\DriveOP.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\DriverOP.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\eClose.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\English.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\FileWipe.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\FixNetWork.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\FolderMagic.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\FolderMagic.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\ForceKiller.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\FormatDisk.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\GrayBirdKiller.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\Ie2k.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\IE7.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\Ie9x.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\IeClean.ico".
The file at "<$PROGRAMFILES>\完美卸载V2008\IeNop.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\IeRepair.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\IPCRepair.reg".
The file at "<$PROGRAMFILES>\完美卸载V2008\IPRules.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\KBClean.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\license.TXT".
The file at "<$PROGRAMFILES>\完美卸载V2008\Local.gif".
The file at "<$PROGRAMFILES>\完美卸载V2008\Local.htm".
The file at "<$PROGRAMFILES>\完美卸载V2008\MainCon.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\MainCon.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\MSVCP60.DLL".
The file at "<$PROGRAMFILES>\完美卸载V2008\MyUpdate.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\New.txt".
The file at "<$PROGRAMFILES>\完美卸载V2008\NewDevInstaller.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\Option.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\OptSys.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\OptSys.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\OptSys.log".
The file at "<$PROGRAMFILES>\完美卸载V2008\OptSysVISTA.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\Patch-XP.db".
The file at "<$PROGRAMFILES>\完美卸载V2008\PC Turbo Memory.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\PnpWmkDrv.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\PnpWMmng.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\Ports.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\RegistryDoctor.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\RegistryDoctor.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\REGVXD.VXD".
The file at "<$PROGRAMFILES>\完美卸载V2008\RepairSYS.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\Result.htm".
The file at "<$PROGRAMFILES>\完美卸载V2008\SafeUninst.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\ScanEngine.dll".
The file at "<$PROGRAMFILES>\完美卸载V2008\SetupMonitor.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\SetupMonitor.inI".
The file at "<$PROGRAMFILES>\完美卸载V2008\Skin.ssk".
The file at "<$PROGRAMFILES>\完美卸载V2008\SkinPlusPlus.dll".
The file at "<$PROGRAMFILES>\完美卸载V2008\SoftUninstall.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\SoftUninstall.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\SrvConfig.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\SubPro.htm".
The file at "<$PROGRAMFILES>\完美卸载V2008\SubPro.JPG".
The file at "<$PROGRAMFILES>\完美卸载V2008\SysProtect.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\SysRepairer.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\SysSec.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\SysSec2K.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\SysSecXP.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\SysStatus.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\SysUlt.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\TimeProApp.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\TipList.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\ToDayTip.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\TrackClean.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\TrackClean.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\TrCleaner.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\UIFree.dll".
The file at "<$PROGRAMFILES>\完美卸载V2008\unins000.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\unins000.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\UnTools.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\UnTools.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\Unzip.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\Update.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\UpdateUrl.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\USBAntiVir.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\VirData.VLB".
The file at "<$PROGRAMFILES>\完美卸载V2008\Vista.dat".
The file at "<$PROGRAMFILES>\完美卸载V2008\VistaKBClr.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\VLockDisk.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\WjfClean.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\WjfClean.ini".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmKillDrv.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmNdisDrv.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmNetPro.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmRegProDrv.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmSysPro.exe".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmTimeProDrv.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmVirualDisk.reg".
The file at "<$PROGRAMFILES>\完美卸载V2008\WmVirualDisk.sys".
The file at "<$PROGRAMFILES>\完美卸载V2008\zm.htm".
The file at "<$SYSDIR>\WipeShell.dll".
The file at "<$SYSDIR>\WmShell.dll".
The file at "<$SYSDIR>\CopyPathExt.tlb".
Make sure you set your file manager to display hidden and system files. If Killsoft.V2008 uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$COMMONPROGRAMS>\完美卸载V2008".
The directory at "<$PROGRAMFILES>\完美卸载V2008\CleanPlugin".
The directory at "<$PROGRAMFILES>\完美卸载V2008\FixPlugin".
The directory at "<$PROGRAMFILES>\完美卸载V2008\SPUnistPlug".
The directory at "<$PROGRAMFILES>\完美卸载V2008".
Make sure you set your file manager to display hidden and system files. If Killsoft.V2008 uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "eCloseDown" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "NetClean" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "SkyDune" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
A key in HKEY_CLASSES_ROOT\ named "WipeShell.WipeMenu", plus associated values.
Delete the registry key "{CED84338-2CBE-458F-95F6-8EF382C846CB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{7783D463-622C-416F-B2D9-2D559E45D48C}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{7E41911F-13AA-11D3-A831-00104B9E30B5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{7E419111-13AA-11D3-A831-00104B9E30B5}" at "HKEY_CLASSES_ROOT\TypeLib\".
If Killsoft.V2008 uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
Please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise you as soon as available.