Trojan.Karagany – Backdoor Trojan

Variant: Trojan.Karagany

Operating Systems Affected: Windows 9x, 2000, XP, Server 2003, Vista, 7

Trojan.Karagany is a Trojan horse that bypasses the normal authentication process of the Windows operating system and thereby gains access to the system without being detected. The backdoor Trojan can be destructive and could compromise any confidential data stored on your computer. If you’re infected with it, follow the steps below to remove the Trojan manually.

Step-by-step manual removal guide:

• Temporarily disable System Restore (Windows ME/XP) - Click Start, right-click My Computer, then click Properties. Click the System Restore tab, select the Turn off System Restore or Turn off System Restore on all drives check box. Click OK.

• Reboot and log in under Safe Mode with Networking – While booting, press and hold the F8 key. On the Windows Advanced Options Menu, use the arrow keys to select Safe Mode with Networking, then press Enter.

• Show hidden files and folders - Open My Computer, click Folder Options and choose the View tab. Tick Show hidden files and folders, and untick Hide protected operating system files.

• Navigate and delete the Trojan.Karagany created files:

• Navigate and delete the Trojan.Karagany created folder:

%ProgramFiles%\Common Files\WmiModules

• Navigate and delete the Trojan.Karagany registry added values: (Start → Run → type regedit → OK)

{Disclaimer: Registry modification is done at your own risk. Back up the registry before making any changes!}

• Re-enable System Restore (Windows ME/XP) - Click Start, right-click My Computer, then click Properties. Click the System Restore tab, clear the Turn off System Restore or Turn off System Restore on all drives check box. Click OK.

• Update AV definition files

• Run Anti-Virus full system scan

• Restart and boot under normal mode