How to remove Kbdrv16.com, Lsass.exe, USB-HI.EXE
Tech-Today



Just last night I copied a file from my apartment mate's USB and noticed that something was wrong with the way Explorer was displaying. I inspected my system and found two instances of services.msc in Windows Task Manager [press Ctrl + Shift + Esc], one run by my currently logged-in user and one by SYSTEM. I searched my computer for signs of a virus, a worm, etc. and found these abnormal entries and files on my computer/registry:

ITEM A
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
 Under the Shell string value there is an abnormal appended string, c:\windows\system32\keyboard\services.exe; the normal value is explorer.exe.
+C:\Documents and Settings\All Users\Application Data\Microsoft\USB2.0\usb-hi.exe
+C:\Documents and Settings\All Users\Application Data\Fearghus\lsass.exe
+C:\Documents and Settings\All Users\Start Menu\Programs\Startup\kbdrv16.com

I successfully removed the following by:

1.) Start Windows in safe mode with command prompt (press F8 repeatedly while the OS is booting).
2.) Delete the entry in the registry.
   a.) Start regedit: in the command prompt, type regedit
   b.) Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
   c.) Change the Shell value to just explorer.exe
3.) Navigate to c:\documents and settings\all users\application data\
>cd c:\documents and settings\all users\application data\
   a.) Delete the fearghus directory
>rd /s fearghus
4.) Navigate to C:\Documents and Settings\All Users\Application Data\Microsoft\
>cd C:\Documents and Settings\All Users\Application Data\Microsoft\
   a.) Delete the USB2.0 directory
>rd /s USB2.0
5.) Remove the entry in Startup.
   a.) Navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup\, which contains kbdrv16.com
   b.) Execute the delete file command
>del kbdrv16.com
6.) Restart your machine and boot normally. Inspect the registry: the Shell value should contain just explorer.exe, and all the files listed in ITEM A should now be gone.

That's all. This procedure works for me :D.
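
The check in step 6 can be scripted. The batch file below is an added example, not part of the original post: it only reads the Winlogon Shell value and tests for the paths named in ITEM A, and its variable names and the :check label are my own choices.

```bat
@echo off
rem Added example, not from the original post.
rem Re-checks the ITEM A indicators after cleanup; it changes nothing.
setlocal
set "FOUND=0"
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "ALLUSERS=C:\Documents and Settings\All Users"

rem Read the Winlogon Shell value. reg query prints: name, type, data.
rem tokens=1,2,* keeps the whole data string (it may contain spaces) in %%c.
set "SHELLVAL="
for /f "tokens=1,2,*" %%a in ('reg query "%KEY%" /v Shell 2^>nul') do (
    if /i "%%a"=="Shell" set "SHELLVAL=%%c"
)

rem Anything other than exactly explorer.exe (including an empty or
rem unreadable value) is reported.
if /i "%SHELLVAL%"=="explorer.exe" (
    echo [ok]    Shell = explorer.exe
) else (
    echo [ALERT] Shell = "%SHELLVAL%"
    set "FOUND=1"
)

rem Directories and files listed in ITEM A.
call :check "%ALLUSERS%\Application Data\Fearghus"
call :check "%ALLUSERS%\Application Data\Microsoft\USB2.0"
call :check "%ALLUSERS%\Start Menu\Programs\Startup\kbdrv16.com"
rem Path the post saw appended to the Shell value.
call :check "C:\Windows\System32\keyboard\services.exe"

if "%FOUND%"=="0" (
    echo Clean: no ITEM A indicator remains.
) else (
    echo Indicators remain, see the ALERT lines.
)
rem Exit code 1 when anything was found, 0 otherwise.
endlocal & exit /b %FOUND%

:check
if exist "%~1" (
    echo [ALERT] still present: %~1
    set "FOUND=1"
) else (
    echo [ok]    absent: %~1
)
goto :eof
```

Run it once after the normal boot and again after plugging in any USB drive that was used on the machine, since the post's infection arrived that way.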



