Wednesday 6 February 2013

How to remove Khatra.exe, a W32 trojan

Khatra.exe is a W32 trojan, and it is the most annoying virus I have ever seen. It appears as khatra.exe, ghost.exe or Xplorer.exe. This virus disables the Task Manager and Registry Editor permanently. I was struggling with this idiot for a few days. This virus copies itself to removable media and spreads to other computers. I searched the Internet a lot for a way to remove it and finally I removed it completely from my PC. So here I'm sharing the instructions for removing the virus.

Is my PC infected?

This is the first question you will ask. To check whether you are affected by the khatra.exe, ghost.exe or xplorer.exe virus, do as follows:
Open Task Manager. (If Task Manager is disabled, this is most probably because of a virus attack. To check whether you are affected by the khatra virus or any other virus, first follow step 1 of the removal instructions below to enable Task Manager.)
Now go to the Processes tab and check whether there is a khatra.exe, gHost.exe or xplorer.exe (not explorer.exe).
If you see any of the processes mentioned above, you can be sure that your PC is affected by khatra.exe. (Khatra means danger in Hindi. Strange virus!) If you don't see any of the above processes, you still cannot say that your PC is completely free from viruses; you may be affected by some other virus. The main symptoms of a virus attack are a disabled Task Manager, a slow PC and a disabled antivirus (of course, some viruses will disable your antivirus too!). This virus has another interesting property: when you search for "how to remove khatra virus" or similar things in a browser on the affected PC, your browser will automatically close! (I like it!) So, if your PC is infected, follow the steps below.

Steps:
1) To enable Task Manager
Go to Start > Run.
Enter gpedit.msc in the Open box and click OK.
In the Group Policy settings window, select User Configuration > Administrative Templates > System > Ctrl+Alt+Delete Options > Remove Task Manager. Double-click the Remove Task Manager option. Now your Task Manager is enabled.

2) If gpedit is disabled and regedit is enabled, do the following steps to regain Task Manager
Click Start > Run. Type in "regedit" (no quotes) and hit Enter.
Search for HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System.
Look for DisableTaskMgr. Click on REG_DWORD. Change the value to 0.

3) Press Ctrl+Alt+Del to launch Task Manager
Now end all processes such as Khatra.exe, gHost.exe and Xplorer.exe (it is better to select all, right-click and click End Process Tree). Be careful not to end explorer.exe by confusing it with xplorer.exe. explorer.exe is an essential process for Windows Explorer.

4) Now download and install the Everything search tool or a similar tool
You need to search for and remove all copies of the khatra.exe, ghost.exe and xplorer.exe virus from your hard drive. For that you will need a search tool, because your built-in search tool will be disabled by the virus.

5) Remove all the copies of the virus
Launch the app you downloaded. Search for khatra.exe, ghost.exe and Xplorer.exe and remove them all one by one.
You can also download any other tool similar to Everything search. Usually this will take some time. Don't forget to search in hidden folders and system folders. There should not be any copy left on your hard disk.

6) Remove registry entries
Open Registry Editor (go to Start > Run, type regedit and press Enter).
Search for all keys with the values khatra, gHost or xplorer and remove all those entries.

Done! Now restart the PC. It is better to create a new restore point and remove all older restore points from your PC. Now your PC is free from the khatra.exe virus.
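To confirm that steps 1 to 6 left nothing behind, the PowerShell script below (an added example, not part of the original instructions) reports the Task Manager policy value, matching processes, file copies on every mounted drive and matching autostart values, without deleting anything. The autostart keys it reads are the standard Windows locations and are an assumption, since the steps above do not say which keys the virus writes.

```powershell
# Read-only check for the artifacts named in the steps above. Nothing is deleted;
# a hit is a lead to inspect by hand, not proof of infection.
$names   = 'khatra.exe', 'ghost.exe', 'xplorer.exe'   # file names from the steps above
$pattern = '\b(khatra|ghost|xplorer)\b'               # \b keeps "explorer" from matching "xplorer"

# Steps 1-2: Task Manager policy value under HKCU (non-zero means disabled)
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableTaskMgr -ne 0) {
    "DisableTaskMgr = $($policy.DisableTaskMgr) in $policyKey"
} else {
    'DisableTaskMgr is not set (or is 0)'
}

# Step 3: running processes with an exact name match (explorer.exe never matches)
$procNames = $names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path

# Steps 4-5: copies on every mounted drive, removable media included.
# -Force makes Get-ChildItem return hidden and system items as well.
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { Test-Path $_.Root }
foreach ($d in $drives) {
    Get-ChildItem -Path $d.Root -Include $names -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

# Step 6: registry values that mention the names.
# ASSUMPTION: these are the standard Windows autostart keys; the steps above
# do not name the keys the virus uses, so a clean result here is not conclusive.
$autostart = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $autostart) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($valueName -match $pattern -or $data -match $pattern) {
            New-Object PSObject -Property @{ Key = $key; Name = $valueName; Data = $data }
        }
    }
}
```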
