Trojan.Koutodoor – Rootkit capable trojan

Variant: Trojan.Koutodoor

Operating Systems Affected: Windows 9x, 2000, ME, XP, NT, Windows Vista, Windows 7

Trojan.Koutodoor is a very destructive trojan that has the capability to install a rootkit, create browser helper components, modify registry values, and use any other available means to compromise your PC. What is a rootkit? It is software hidden deep in the operating system environment that runs with administrator-level privileged access to the computer.

How to Manually Remove Trojan.Koutodoor?

• Disable System Restore (Windows XP users)
Right click My Computer and click on Properties → System Restore tab → Put a checkmark on Turn off system restore on all drives → Click apply then OK → Restart the computer.

• Boot to Safe Mode – press the F8 key before the Windows logo appears, choose Safe Mode → hit Enter → and log in with an account that has Administrator credentials.

• Show hidden Files and Folders – My Computer → Tools → Folder Options → View tab → select Show hidden files, folders and drives. Uncheck Hide protected operating system files. Click OK.

• Locate and Delete the identified Trojan.Koutodoor files:

%Windir%\system32\drivers\[RANDOM CHARACTERS].sys
%Windir%\system32\[RANDOM CHARACTERS].dll
%UserProfile%\Favorites

• Delete the following registry values: Start → Run → type regedit → click OK → navigate to the listed registry addresses and delete the compromised registry entries:
{Caution: Back up the registry before editing or deleting registry values}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]
HKEY_CLASSES_ROOT\CLSID\{7BA4C38C-6BE5-4F3C-980B-CEB48A777413}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BA4C38C-6BE5-4F3C-980B-CEB48A777413}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\"index" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\"SID" = "[USER SID]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\"Reboot" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\"Modify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\"Last Time" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" = "[BINARY DATA]"

• Restart and Boot under Normal Mode

• Run a full Anti-Virus system scan to check the integrity of your Windows Operating System and Personal Files.
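Before working through the manual steps above, it helps to confirm which of the listed indicators are actually present. The following read-only audit script is an added example, not part of the original write-up; it assumes a Windows XP SP2 or later system with Windows PowerShell installed and an elevated session, and it only reports findings without deleting anything. The driver check cannot match the random file names, so it lists drivers without a valid Authenticode signature for manual review instead.

```powershell
# Read-only audit for the Trojan.Koutodoor indicators listed above.
# Assumes an elevated PowerShell session; nothing is modified or deleted.
$bhoClsid = '{7BA4C38C-6BE5-4F3C-980B-CEB48A777413}'   # CLSID from the write-up
$findings = @()

# 1. Browser Helper Object registration and its CLSID class entry
$bhoPaths = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$bhoClsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
)
foreach ($p in $bhoPaths) {
    if (Test-Path -LiteralPath $p) { $findings += "Registry key present: $p" }
}

# 2. Values written under the DateTime key. The key itself is legitimate
#    (Windows keeps its time-server list under DateTime\Servers), so only the
#    value names given in the write-up are treated as indicators.
$dtKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime'
if (Test-Path -LiteralPath $dtKey) {
    foreach ($name in 'index', 'SID', 'Reboot', 'Modify', 'Last Time') {
        $v = Get-ItemProperty -LiteralPath $dtKey -Name $name -ErrorAction SilentlyContinue
        if ($v) { $findings += "DateTime value present: `"$name`"" }
    }
}

# 3. The ShellBrowser value named in the write-up (presence alone is weak
#    evidence; weigh it together with the findings above).
$sbKey = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser'
$sbName = '{01E04581-4EEE-11D0-BFE9-00AA005B4383}'
if (Get-ItemProperty -LiteralPath $sbKey -Name $sbName -ErrorAction SilentlyContinue) {
    $findings += "ShellBrowser value present: $sbName"
}

# 4. Random-named drivers cannot be matched by name, so list every driver in
#    system32\drivers that lacks a valid Authenticode signature. Review these
#    by hand; an unsigned driver is not automatically malicious.
$driverDir = Join-Path $env:WINDIR 'system32\drivers'
Get-ChildItem -LiteralPath $driverDir -Filter '*.sys' | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    if ($sig.Status -ne 'Valid') {
        $findings += "Driver without valid signature: $($_.FullName) [$($sig.Status)]"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No listed Koutodoor indicators found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it once before the removal steps to see what is present, and again after the final reboot to confirm the listed keys, values and any flagged driver are gone.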