Windows Startup Programs database Startup Programs - Dangerous - K
The Application Database tells you which Windows startup programs are useful and which are bad.
The recommended tool for quickly removing useless programs is RegRun Startup Optimizer.
www.startupapps.com



Dangerous 

k2logas.exe
k2ps.exe
k2ps_full.exe
k2ps_setup.exe
k2psl.exe
k2tl_setup.exe
k2vl.exe
kak.hta
kaspersky.exe
kavutil.exe
kazza.exe
kdzeregli.exe
kernal32.exe
kerne1.exe
kernel.32.exe
kernel.exe
kernel16.exe
kernel32.exe
keylogger.exe
kgzgjkpcw.exe
khesp.exe
killbush.exe
killonce.exe
killserv.exe
knjtuhh.exe
konfig.exe
krn132.exe
kuang.exe

k2logas.exe
Kuang2 logger AS trojan

k2ps.exe
Steals passwords

k2ps_full.exe
Steals passwords

k2ps_setup.exe
Steals passwords

k2psl.exe
Kuang trojan

k2tl_setup.exe
Steals passwords

k2vl.exe
Steals passwords

kak.hta
This is a virus. Remove it from startup.
Scan your system with the latest version of your antivirus software.

kaspersky.exe
W32.Mimail.T@mm is a mass mailing worm.
Attempts to mail itself to the emails found on the system. The subject lines, attachment names, and message bodies vary.

Copies itself to:
%Windir%\Kaspersky.exe
%Windir%\Ee98af.tmp

Adds the value:
"KasperskyAv" = " %Windir%\kaspersky.exe"
to registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Attempts to resolve the IP address for www.google.com to determine whether there is Internet connectivity.
Collects email addresses from all the files on the computer.
Sends email messages using its own SMTP engine.
Also performs Denial of Service (DoS) and ICMP attacks.

Remove it from startup with RegRun Startup Optimizer.

kavutil.exe
I-Worm.Sexer.b
The Sexer.b worm spreads via the Internet as an infected email attachment file named KAVUtil.exe.
Sender address: support@kaspersky.com
File attachment: KAVUtil.exe
Sexer then creates the file KAV.bmp in the Program Files\Common Files\system directory. The system then installs this file as the desktop background image.
Sexer then sends itself out to all the email addresses found in the email client's address book.
To physically mail itself, Sexer makes a direct connection with the SMTP server.

Manual removal:
Go to the following key in the system registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: KAVUtil = kavutil.exe

kazza.exe
OPTIXPRO.12.C VIRUS!

Backdoor.OptixPro.12.c, a variant of the Backdoor.OptixPro.12 Trojan Horse.
Allows unauthorized remote access to an infected computer on port 3410.
If the file "Kazza.exe" is present, it is an indication of a possible infection.

Also Known As: Backdoor.Optix.Pro.12 [KAV], Backdoor.Optix.1_2 [RAV], BackDoor-ACH [McAfee]
Variants: Backdoor.OptixPro.12, Backdoor.OptixPro.12.b, Backdoor.OptixPro.13
Type: Trojan Horse
Infection Length: 321,536 bytes

1. This virus copies itself as %System%\Kazza.exe.
Note: %System% = C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

2. Adds the value:
"InternalSystray" = "%System%\Kazza.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.

3. Sets the registry value:
"EnableAutodial" = "00 00 00 00"
in the registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings

4. Notifies the hacker through ICQ.
Listens on TCP port 3410 and waits for commands from the Trojan's creator.

5. Provides its creator with:
Cached passwords
Full remote access to your computer, such as turning the power on and off, modifying files, and monitoring your system.

6. Attempts to stop about 200 antivirus and monitoring tool processes.

Instructions to delete:

1. Disable System Restore (Windows Me/XP).
2. Run a full system scan and delete all the files detected as Backdoor.OptixPro.12.c.
3. Delete the value that was added to the registry. This is best done with Greatis RegRun.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
delete the value:
"InternalSystray" = "%System%\Kazza.exe"

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings
change the value of "EnableAutodial" to its original settings.

kdzeregli.exe
I-Worm.Amus.a
Amus is an Internet worm that spreads in email attachments.
Attempts to activate ISpeechVoice.Speak and play the following soundtrack:
How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule.

Copies itself into the root directory of the C drive under the name masum.exe and into the Windows folder under the following names:
Adapazari.exe; Ankara.exe; Anti_Virus.exe; Cekirge.exe; KdzEregli.exe; Messenger.exe; Meydanbasi.exe; My_Pictures.exe; Pide.exe; Pire.exe
It uses MS Outlook to send copies of itself to all recipients listed in the address book.
This worm is programmed to replace the home page URL in Internet Explorer with predefined text on the 1st, 6th, 20th and 25th of each month.
On the 10th and 23rd of each month, the worm will attempt to delete all .dll files in the Windows folder.

Manual removal:
Locate the system registry key: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
and delete the entry: "Microzoft_Ofiz"="%WINDIR%\KdzEregli.exe"
Also, locate the key: [HKCU\SOFTWARE\Microsoft\Masum\Who]
and delete the value: "Who"="OnEmLi_DeGiL"

kernal32.exe
Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using the Windows Startup directory.

kerne1.exe
Remote Access / Trojan dropper
Alters Win.ini and System.ini. A game hiding and dropping the SubSeven 2.0 server.

kernel.32.exe
Remote Access

kernel.exe
I-Worm.SysClock
This is an Internet worm (virus of the worm type) spreading via emails, IRC channels, infecting files on local computers and spreading itself to a local network.

kernel16.exe
Remote Access / Steals passwords / Keylogger

kernel32.exe
Remote Access

keylogger.exe
Keylogger / ICQ trojan
Notifies via ICQ.

kgzgjkpcw.exe
Backdoor.Sdbot.T is a backdoor Trojan horse that is similar to Backdoor.Sdbot.S.
It allows an attacker to control an infected computer.

Copies itself as %System%\kgzgjkpcw.exe and %System%\zonealarm.exe.

Adds the value: "Winsock2 driver"="kgzgjkpcw.exe"
to the registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Adds the value: "Winsock2 driver"="ZONEALARM.EXE" (this is not a valid file name of the ZONEALARM antiviral program)
to the registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Attempts to end the following processes: Netstat.exe; Msconfig.exe; Regedit.exe
Uses its own IRC client to connect to a specified IRC channel and wait for the commands to perform different actions.

Use RegRun Startup Optimizer to automatically remove this trojan.

khesp.exe
Remote Access

killbush.exe
W32.Kibuv Worm
Uses the LSASS vulnerability described in Microsoft Security Bulletin MS04-011 and the DCOM RPC vulnerability described in Microsoft Security Bulletin MS03-026.
It spreads by scanning randomly selected IP addresses for vulnerable systems.
Registers itself in the registry Run keys as:
"Vote For Kerry" = "KillBush.exe"
Remove it from Startup with RegRun Start Control.

killonce.exe
Kilonce dangerous virus!
It renames rundll32.exe to Run32.exe and copies its body to rundll32.exe.
1. Stop processes KILLONCE.EXE and RUNDLL32.EXE.
2. Restore default file extensions.
3. Remove KILLONCE.EXE and RUNDLL32.EXE from startup.
4. Restore original rundll32.exe.

killserv.exe
Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe, makes all the windows on the screen shake and move around. The second program, gravedad.exe, displays a picture of the screen flipped.

knjtuhh.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing, "Could not find setuplog.bat", which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, "pkg" being a fixed string. It also copies itself to $windows/unin0686.exe.

konfig.exe
Remote Access

krn132.exe
W32.Klez.E trojan
http://www.quickheal.com/klez.htm

kuang.exe
Steals passwords

Copyright © 1998-2004 Greatis Software