Results 1 to 4 of 4

Thread: How to kill Trojan-PSW.Win32.Kates.ku

  1. #1
    gsmitty Guest

    Default How to kill Trojan-PSW.Win32.Kates.ku

    ZA detected and claimed to quarantine Trojan-PSW.Win32.Kates.ku, but it keeps coming back! Here are scan results:

    Trojan-PSW.Win32.Kates.ku was found in C:\Documents and Settings\grant\Local Settings\Temp\xrrdh.old on 2/27/2010 11:17:16

    Trojan-PSW.Win32.Kates.ku was found in C:\System Volume Information\_restore{E8CDF6D7-55B4-4F9F-88F7-DE9892BAAFBC}\RP1124\A0442167.old on 2/27/2010 10:39:40

    I tried deleting the file C:\Documents and Settings\grant\Local Settings\Temp\xrrdh.old, but it comes back right away. I tried opening the file in an editor, access denied, also tried mucking with attributes and deleting via command prompt, no dice. And I can't access C:\System Volume Information\ in any way.

    ZA just detects the virus periodically, and every time the file is accessed. No info is available on the ZA website.

    Oh, yes, I tried running safemode, the file still comes back when I delete it.

    This is seriously F'd up.

    History: Wierd stuff happened yesterday after I (ungracefully) powered down during a period of slowness. When I powered up, it (Dell Inspiron 600m / XP Pro SP2) went thru some normal startup stuff and then showed a black screen, but with cursor under mouse control. Same deal in safemode, except "safemode" shows at the corners of the black screen.

    I ran Dell diags, nothing noteworthy, and finally tried Safemode with network, and the screen came back. However, wierd stuff was happening, like Firefox wouldn't load a particular page (weather.com), that loaded fine with other browsers.

    I ran a full ZA scan (after updating), nothing found. I reinstalled Firefox, same problem.

    This morning, Firefox was better and ZA, after an update, found the Trojan. I ran a full scan (results above).

    Help Cecil Help!!!
    Last edited by fax; March 12th, 2010 at 01:44 AM.

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: ZA FAILED! to kill Trojan-PSW.Win32.Kates.ku

    Hi!

    you need to follow ALL steps detailed here below including (if anything else fails) contacting spywarehammer or bleepingcomputer and get volunteer malware expert support.

    http://forums.zonealarm.com/showthread.php?t=70448

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    gsmitty Guest

    Default Re: ZA FAILED! to kill Trojan-PSW.Win32.Kates.ku

    fax,
    Thanks for the advice. I got up to bootable CD fromDrWeb, but got stuck. I was unable to create a bootable cd from the image file. I sent the following query to DrWeb support, but I don't know if they'll respond to a freebie customer:

    I can't create a bootable CD from the free download. I tried with Windows Explorer, then downloaded Nero_BackItUpAndBurn-1.2.17b_trial.exe (along with .NET and a bunch of other stuff it needed). I then followed your (vague) instructions (http://www.freedrweb.com/livecd/how_it_works/), no luck.

    Questions:
    1. Can it be done with just Windows Explorer?
    2. If not, can you give me more specific instructions on how to use Nero?
    3. Is it possible that my viral infection is preventing the burn? (Zone Alarm AV finds Trojan-PSW.Win32.Kates.ku continually, but apparently can't kill it; Their forum referred me to DrWeb)
    4. Do I need to buy one of your products in order to get support? I'll be happy to, just say which one. Do you have a CD or DVD you can ship me?

    Can you give me any more good advice?

    Thanks,
    Grant Schmick

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: ZA FAILED! to kill Trojan-PSW.Win32.Kates.ku

    Don't panic, no rush... Please move down to the list, your next step is to post your logs at spywarehammer or bleepingcomputer. Volunteers will assist you in the task of cleaning the system

    Thank you,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Win32.Trojan.PSW.LdPinch.vm
    By tomcatboy in forum Malware Discussion
    Replies: 0
    Last Post: December 14th, 2008, 03:27 AM
  2. Trojan keeps coming back - Trojan-PSW.Win32
    By ecotom in forum Malware Discussion
    Replies: 3
    Last Post: March 18th, 2008, 05:58 AM
  3. Trojan-PSW.Win32.WOW.rg
    By lateralus in forum Malware Discussion
    Replies: 13
    Last Post: June 19th, 2007, 09:01 AM
  4. win32 trojan.psw something something something
    By maplebob in forum Malware Discussion
    Replies: 1
    Last Post: June 4th, 2007, 08:51 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •