kdzeregli.exe - Dangerous

kdzeregli.exe

Manual removal instructions:

Antivirus Report of kdzeregli.exe:
kdzeregli.exe Malware
kdzeregli.exeDangerous
kdzeregli.exeHigh Risk
kdzeregli.exe
I-Worm.Amus.a
Amus is an Internet worm that spreads in email attachments.
Attempts to activate ISpeechVoice.Speak and play the following soundtrack:
How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule.

Copies itself into the root directory of the C drive under the name masum.exe and into the Windows folder under the following names:
Adapazari.exe; Ankara.exe; Anti_Virus.exe; Cekirge.exe; KdzEregli.exe; Messenger.exe; Meydanbasi.exe; My_Pictures.exe; Pide.exe; Pire.exe
It uses MS Outlook to send copies of itself to all recipients listed in the address book.
This worm is programmed to replace the home page URL in Internet Explorer on the 1, 6, 20 and 25 of each month with the predefined text.
While on the 10 and 23 of each month, the worm will attempt to delete all .dll files in the Windows folder.

Manual removal:
Locate the system registry key: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
and delete the entry: "Microzoft_Ofiz"="%WINDIR%\KdzEregli.exe"
Also, locate the key: [HKCU\SOFTWARE\Microsoft\Masum\Who]
and delete the value: "Who"="OnEmLi_DeGiL"

Remove kdzeregli.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.