Thursday, December 11, 2008

Kuho Trojan

Removing Kuho
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\koboo\conf.dat
[%APPDATA%]\koboo\conf2.dat
[%DESKTOP%]\电影.url
[%PROGRAMS%]\kuho\kuho.lnk
[%PROGRAM_FILES%]\kuho\data\setup.exe
[%PROGRAM_FILES%]\kuho\ddddl.dll
[%PROGRAM_FILES%]\kuho\dddsetup.exe
[%PROGRAM_FILES%]\kuho\dudupros.exe
[%PROGRAM_FILES%]\kuho\hotsortlist.dat
[%PROGRAM_FILES%]\kuho\kbmedia.dll
[%PROGRAM_FILES%]\kuho\kbskin.dll
[%PROGRAM_FILES%]\kuho\kuho.exe
[%PROGRAM_FILES%]\kuho\lrcsetlst.dat
[%PROGRAM_FILES%]\kuho\mbmon.dll
[%PROGRAM_FILES%]\kuho\mbsched.exe
[%PROGRAM_FILES%]\kuho\mbsearch.dll
[%PROGRAM_FILES%]\kuho\msvcp60.dll
[%PROGRAM_FILES%]\kuho\msvcrt.dll
[%PROGRAM_FILES%]\kuho\pcastctl.dll
[%PROGRAM_FILES%]\kuho\playlist.dat
[%PROGRAM_FILES%]\kuho\repk.exe
[%PROGRAM_FILES%]\kuho\search.dat
[%PROGRAM_FILES%]\kuho\skin.bmp
[%PROGRAM_FILES%]\kuho\skin.ini
[%PROGRAM_FILES%]\kuho\uninst.exe
[%PROGRAM_FILES%]\kuho\webdl.dll
[%STARTUP%]\kuho.lnk

How to detect Kuho:

Files:
[%APPDATA%]\koboo\conf.dat
[%APPDATA%]\koboo\conf2.dat
[%DESKTOP%]\电影.url
[%PROGRAMS%]\kuho\kuho.lnk
[%PROGRAM_FILES%]\kuho\data\setup.exe
[%PROGRAM_FILES%]\kuho\ddddl.dll
[%PROGRAM_FILES%]\kuho\dddsetup.exe
[%PROGRAM_FILES%]\kuho\dudupros.exe
[%PROGRAM_FILES%]\kuho\hotsortlist.dat
[%PROGRAM_FILES%]\kuho\kbmedia.dll
[%PROGRAM_FILES%]\kuho\kbskin.dll
[%PROGRAM_FILES%]\kuho\kuho.exe
[%PROGRAM_FILES%]\kuho\lrcsetlst.dat
[%PROGRAM_FILES%]\kuho\mbmon.dll
[%PROGRAM_FILES%]\kuho\mbsched.exe
[%PROGRAM_FILES%]\kuho\mbsearch.dll
[%PROGRAM_FILES%]\kuho\msvcp60.dll
[%PROGRAM_FILES%]\kuho\msvcrt.dll
[%PROGRAM_FILES%]\kuho\pcastctl.dll
[%PROGRAM_FILES%]\kuho\playlist.dat
[%PROGRAM_FILES%]\kuho\repk.exe
[%PROGRAM_FILES%]\kuho\search.dat
[%PROGRAM_FILES%]\kuho\skin.bmp
[%PROGRAM_FILES%]\kuho\skin.ini
[%PROGRAM_FILES%]\kuho\uninst.exe
[%PROGRAM_FILES%]\kuho\webdl.dll
[%STARTUP%]\kuho.lnk

Folders:
[%APPDATA%]\koboo\data

Registry Keys:
HKEY_CURRENT_USER\software\dudu

Registry Values:
HKEY_CLASSES_ROOT\interface\{3670b76d-837b-4fdc-b814-678e81f7f9ea}\typelib
HKEY_CLASSES_ROOT\interface\{50548648-5488-4832-8e73-45e02019f4f9}\typelib
HKEY_CLASSES_ROOT\clsid\{7ad13266-7cad-4997-892f-76222be0a39d}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{7dee9d05-fa0a-4416-a6f3-6537d0eab6a6}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{8afce6c6-75d9-494a-a0a9-d80e1726248f}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{af9f7043-ddad-4eda-8fbe-c35802d5ee54}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{e7e2d89b-2702-4d3d-8139-9b6e35dc8750}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{f2f89d78-0450-4ddc-b8fb-4a169204c69d}
HKEY_CLASSES_ROOT\interface\{2754914f-18ad-45f1-990f-83f40940e1b1}\typelib
HKEY_CLASSES_ROOT\interface\{78b96fa7-51b2-4864-bef8-8bfba355b554}\typelib
HKEY_CLASSES_ROOT\interface\{89a75acb-17ed-4ee2-ac80-b65d6b166a6b}\typelib
HKEY_CLASSES_ROOT\interface\{9e9675b0-db79-4069-b562-7ebc60d5eff9}\typelib
HKEY_CLASSES_ROOT\interface\{a3d6ccf7-5996-4a5f-b732-a8ada16a4256}\typelib
HKEY_CLASSES_ROOT\interface\{d12fc2d0-4c86-4ad8-a322-a057b9c17d1b}\typelib
HKEY_CLASSES_ROOT\interface\{f6af1f04-a744-441a-849f-ceab35e20f4e}\typelib
HKEY_CLASSES_ROOT\protocols\handler\koboo
HKEY_CURRENT_USER\software\microsoft\internet explorer\new windows\allow

Removing Kuho:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
