OK. I was riddled with this virus for a long time. I was so pissed off that I actually thought of formatting the OS system drive. But then it hit me to try something rather than wasting time to reinstall everything again.
Here is how you remove Khatra.exe, Xplorer.exe and gHost.exe. Yes, they all are part and parcel of the virus. Khatra.exe might try to access your Outlook contacts, so better do this quick.
♦ Open Start>Run. Type Msconfig and hit enter.
♦ Next switch to the Startup tab and disable all KHATRA and XPLORER services. Click Apply.
♦ Now open Task Manager. Select Khatra.exe, Xplorer.exe and gHost.exe and then right click them.
♦ Select End Process tree and then click Yes to confirm.
♦ Next, navigate to Start>Run. Type CMD.
♦ Head to the drive where your OS is installed. For example mine is installed in the C drive, so here goes: “CD C:\”.
♦ Type attrib -s -h -r khatra.exe and then hit enter.
♦ Next type “CD C:\Windows\system32″ and then hit enter. Again type attrib -s -h -r khatra.exe
and hit enter.
♦ Next type ‘del khatra.exe’.
♦ Repeat the same for the other two process. Thats it! Now the virus must have been removed.
To verify whether you have deleted the virus or not, type ‘regedit’ in the Start>Run dialog box. Press CTRL+F and search for the above process. Delete the values if you get any. In case of an error message stating that ‘Registry is disabled by the Administrator’, click here on how to enable the registry.
Related posts:
Recent Comments