kdzeregli.exe - Dangerous
Manual removal instructions:
Amus is an Internet worm that spreads in email attachments.
The worm attempts to activate ISpeechVoice.Speak and play the following soundtrack:
How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule.
Copies itself into the root directory of the C drive under the name masum.exe and into the Windows folder under the following names:
Adapazari.exe; Ankara.exe; Anti_Virus.exe; Cekirge.exe; KdzEregli.exe; Messenger.exe; Meydanbasi.exe; My_Pictures.exe; Pide.exe; Pire.exe
It uses MS Outlook to send copies of itself to all recipients listed in the address book.
The worm is programmed to replace the home page URL in Internet Explorer with predefined text on the 1st, 6th, 20th and 25th of each month.
On the 10th and 23rd of each month, it attempts to delete all .dll files in the Windows folder.
Manual removal:
Locate the system registry key: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
and delete the entry: "Microzoft_Ofiz"="%WINDIR%\KdzEregli.exe"
Also, locate the key: [HKCU\SOFTWARE\Microsoft\Masum\Who]
and delete the value: "Who"="OnEmLi_DeGiL"
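
The removal steps above as a PowerShell check. This is an added example, not code from the original page or its vendor. It reports the listed file names and registry values and, with -Remove, deletes only the two registry values; the WOW6432Node Run key it also checks is an assumption about 64-bit systems that the page does not mention.

```powershell
# Added example: audit for the Amus indicators named on this page.
# Default is read-only; -Remove deletes only the two registry values.
param([switch]$Remove)

$names = 'Adapazari.exe','Ankara.exe','Anti_Virus.exe','Cekirge.exe','KdzEregli.exe',
         'Messenger.exe','Meydanbasi.exe','My_Pictures.exe','Pide.exe','Pire.exe'

# Dropped copies: masum.exe in the root of C:, the rest in the Windows folder.
# A name match alone is not proof; the page gives no hashes to confirm with.
$paths = @('C:\masum.exe') + @($names | ForEach-Object { Join-Path $env:WINDIR $_ })
$findings = @($paths | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    ForEach-Object { [pscustomobject]@{ Type = 'File'; Location = $_; Name = ''; Data = '' } })

# Registry values from the removal steps. The WOW6432Node Run key is an
# assumption added here: 32-bit programs on 64-bit Windows write there instead.
$targets = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Microzoft_Ofiz' },
    @{ Key = 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'Microzoft_Ofiz' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Masum\Who'; Name = 'Who' }   # per-user hive
)
foreach ($t in $targets) {
    $item = Get-ItemProperty -LiteralPath $t.Key -Name $t.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $findings += [pscustomobject]@{
        Type = 'Registry'; Location = $t.Key; Name = $t.Name; Data = $item.($t.Name)
    }
    if ($Remove) {
        Remove-ItemProperty -LiteralPath $t.Key -Name $t.Name -ErrorAction Stop
    }
}

if ($findings.Count -eq 0) { 'No Amus indicators from this page were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The HKCU check reads the hive of the account running the script, so run it as the affected user. Deleting the HKLM value with -Remove requires an elevated session.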