Secure Most Provide you most reliable security utilities!
Home Articles File Center Privacy Contact us Links
Now Position: Home>Tech Articles>Detection and Removal of Various Trojans
How to Detect and Remove Trojan.Krepper
About Trojan.Krepper

Krepper is a trojan virus, that modifies website surfing to display advertising, and downloads additional threats Will add start autorun keys in the registry to make sure it runs on startup.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
xp_system = c:\windows\inetper\services.exe

The xp_system Registry value keys it to Krepper.

Variants: 

  • Trojan.Win32.Krepper.a
  • Trojan.Win32.Krepper.o
  • Trojan.Win32.Krepper.p
Trojan.Krepper Removal Instruction

Automatic Removal:

Using Spyware Doctor to detect and remove Trojan.Krepper AUTOMATICALLY!

Manual Removal:

  1. Kill these running processes with Task Manager:
    systemroot+\system\matrixhere.exe
    systemroot+\system\sysstartup.exe
    systemroot+\system32\matrixhere.exe
    systemroot+\system32\sysstartup.exe
    trojan.win32.krepper.a.exe
    trojan.win32.krepper.a_(120).exe
     
  2. Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
    If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\jopa, delete it and reboot the machine immediately.
    If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\romahere, delete it and reboot the machine immediately.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\jopa, delete it and reboot the machine immediately.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\romahere, delete it and reboot the machine immediately.
     
  3. Unregister these DLLs with Regsvr32, then reboot:
    trojan.win32.krepper.o.dll
    trojan.win32.krepper.p.dll
    trojan.win32.krepper.p_(10).dll
     
  4. Remove these registry items (if present) with RegEdit:
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\jopa
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\romahere
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\jopa
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\romahere
     
  5. Remove these files (if present) with Windows Explorer:
    systemroot+\system\matrixhere.exe
    systemroot+\system\sysstartup.exe
    systemroot+\system32\matrixhere.exe
    systemroot+\system32\sysstartup.exe
    trojan.win32.krepper.a.exe
    trojan.win32.krepper.a_(120).exe
    trojan.win32.krepper.o.dll
    trojan.win32.krepper.p.dll
    trojan.win32.krepper.p_(10).dll
Detection and Removal Instructions for Trojans
More Removal Instructions for More Adware/Spyware Programs
Sign up for free up-to-date messages about your PC's security & privacy:
              Email
Confirm email
     Your Name    
 Anti-Keylogger  Password Pecovery
 Anti-Spam  PC Monitoring
 Anti-Spyware  Personal Firewall
 Anti-Virus  System Tools
 Online Privacy    
PQ DVD to iPod Video Suite
PQ DVD to iPod Video Suite (PQ DVD to iPod + iPod Video Converter) is a One-Click, All-In-One solution to convert DVD, Tivo, DivX, MPEG, WMV, AVI, RealMedia and many more to iPod Video ...
Kaspersky Internet Security
Internet Security processes all incoming and outgoing data on your computer, including email, Internet traffic and network interaction, without the need for additional security applications ...
Cucusoft MPEG/AVI to DVD/VCD/SVCD Converter Pro
It enables you to convert and burn any video file directly to VCD, DVD, SVCD, MPEG1 and MPEG2 format. Pro version included all the features of the lite version ...
FREE Spyware Scan! SpyNoMore
SpyNoMore scans, cleans and blocks spyware as well as any other good anti-spyware product, but with one big advantage, Custom Fix (patent pending). Spyware programs are growing more sophisticated by the day ...
Copyright ©2003-2009 SecureMost.com. All other trademarks are the sole property of their respective owners.