Khatra.exe is a W32 trojan which is the most annoying virus i had ever seen. It appears as khatra.exe, ghost.exe or Xplorer.exe. This virus disable the Task manager and Registry Editor permanently. I was struggling with this idiot for a few days. This virus copies itelf to removable media and spreads to other computers. I searched Internet a lot for removing this and finally i removed it completly from my pc. So, here I'm sharing the instructions for removing the virus below.
Is my PC infected??
This is the first question you will ask. So, if you want to check whether you are affected by khatra.exe, ghost.exe or xplorer.exe virus, do as follows
Open task manager (if you have task manager disabled, this may be most probably because of virus attack. Anyway, to check whether you are affected by khatra virus or any other virus, just follow the first step in the removal instructions below to enable task manager first.)
Now go to process tab and check whether there is khatra.exe, gHost.exe or xplorer.exe (not explorer.exe)
If you see any of the process mentioned above, you can make it sure that your pc is affected by khatra.exe. (khatra in hindi language means danger. Strange virus!). If you dont see any of the above process, you cannot say that your pc is completely free from viruses. Sometimes you may be affected by some other viruses. One of the main symptoms of virus attack are disabling task manager, slowing down of pc and disabling of antivirus (of course, some viruses will disable your antivirus too!). This virus had another interesting property that when you search for "how to remove khatra virus" of similar things from the affected pc on a browser, your browser will automatically close! (i like it!). So, if your pc is infected, follow the steps below,
Steps:
1) To Enable Task manager,
Go To Start> Run
Enter gpedit.msc in the Open box and click OK
In the Group Policy settings window,
Select User Configuration > Select Administrative Templates> Select System > Select Ctrl+Alt+Delete options> Select Remove Task Manager> Double-click the Remove Task Manager option. Now your Task manager is Enabled.
2) If Gpedit is disabled and regedit is enabled, do the following steps to regain task manager
Click Start -> Run. Type in "regedit" (no quotes) and hit Enter.
Search for HKEY_CURRENT_USER -> Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System.
Look for: DisableTaskMgr. Click on REG_DWORD. Change value to 0
Search for HKEY_CURRENT_USER -> Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System.
Look for: DisableTaskMgr. Click on REG_DWORD. Change value to 0
3)Click Ctrl+Alt+Del to launch task manager
Now remove all processes such as Khatra.exe, gHost.exe and Xplorer.exe (it is better to select all, right click and click end process tree). Be careful that dont remove explorer.exe in confuse with xplorer.exe. explorer.exe is an essential process for windows explorer.
This is because you need to search and remove all copies of khatra.exe ,ghost.exe and xplorer.exe virus copies from your hard drive. For that you will need a search tool and your in built search tool will be disabled by the virus.
5. Remove all the copies of virus
Launch the app you downloaded. Search for khatra.exe, ghost.exe, Xplorer.exe and remove all one by one.
you can also download any other tools similar to everything search. Usually this will take some time. Don't forget to search in hidden folders and system folders. There shouldnot be any copy left in your harddisk.
6. Disable registry entries
Open registry editor (go to start>run, type regedit and enter)
Search for all keys with values khatra, gHost or xplorer and remove all entries.
Done! Now restart PC and it is better to create a new restore point and remove all older restore points from your PC. Now your pc is free from khatra.exe virus.
Source: Forums related to viruses
6. Disable registry entries
Open registry editor (go to start>run, type regedit and enter)
Search for all keys with values khatra, gHost or xplorer and remove all entries.
Done! Now restart PC and it is better to create a new restore point and remove all older restore points from your PC. Now your pc is free from khatra.exe virus.
Source: Forums related to viruses
Hey! Quick question that's totally off topic. Do you know how to make your site mobile friendly? My weblog looks weird when browsing from my apple iphone. I'm tryіng
ReplyDeleteto fіnԁ а temρlatе οг plugin that might
be аble to resolve thіs iѕѕue.
If you have any reсommеndаtions, pleaѕe shaге.
Thаnk you!
My website - sore throat virus Contagious
This design is incredible! You obviously know how to keep a reader amused.
ReplyDeleteBetween your wit and your videos, I was almost moved to start my own blog
(well, almost...HaHa!) Fantastic job. I really
loved what you had to say, and more than that, how you presented it.
Too cool!
Here is my web blog ; symptoms of mono relapse
I leave a comment when I appreciate a artiсlе оn а site or
ReplyDeleteI have something to valuable to contrіbute to the dіscuѕsion.
It is triggeгed by the fire cоmmunicаtеԁ іn the post I looked at.
And оn this artiсle "How to Remove Khatra.exe gHost.exe or Xplorer.exe virus completely from your PC".
I was actuallу moѵed enough tο post a thought :-)
Ӏ do hаve 2 questionѕ for you if
yоu do not mind. Is it only me oг dо
some of these remarks lοok like left
bу bгain ԁead folks? :-P And, іf you
are postіng at additional online ѕіtes,
Ι'd like to keep up with you. Would you list the complete urls of your community sites like your linkedin profile, Facebook page or twitter feed?
Here is my blog post equalratio.info
Useful post . :) . But on my pc there was a virus renamed trojen.exe . With icon of facebøok . It doesn't disable my task manager . But i was unable to end process trojen.exe because it shutdowns my computer . I was also unable to shut down the computer because it restarts. I just power of u.p.s . As just as these viruses It copies itself to all drives as my picutre !.scr . The attack was before i read this post . I tried to delete all the copies of virus , but it runs again when computer restarts . After messing a lot with it . I found how the virus starts when pc boots . And i myself found a solution for this . It is
ReplyDelete* You must have a live bootable disk of any o.s such as ubuntu . You can download it (google it) . I prefer you ubuntu 10.04 because i used it
* when the pc restarts press delete key and take cd rom as the first boot device . Save settings then insert the ubuntu disk
* When the os boots please select the option "try ubuntu"
* the system loads the desktop select the computer and reach somehow your windows installed drive(file system c)
* now reach here
c:/users/user1/appdata/roaming/microsoft/windows/start menu/programs/startup/
and delete the files there (you must show hidden folders )
* also delete the files trojan.exe on c drive and my picutre !.scr on drives
* then shutdown pc . eject disk .restart . And select hdd as first boot device and start windows . the virus is now removed . I also prefer you to find the copies of virus and delete it without opening . Hope it helped some of you . Thanks
Useful post . :) . But on my pc there was a virus renamed trojen.exe . With icon of facebøok . It doesn't disable my task manager . But i was unable to end process trojen.exe because it shutdowns my computer . I was also unable to shut down the computer because it restarts. I just power of u.p.s . As just as these viruses It copies itself to all drives as my picutre !.scr . The attack was before i read this post . I tried to delete all the copies of virus , but it runs again when computer restarts . After messing a lot with it . I found how the virus starts when pc boots . And i myself found a solution for this . It is
ReplyDelete* You must have a live bootable disk of any o.s such as ubuntu . You can download it (google it) . I prefer you ubuntu 10.04 because i used it
* when the pc restarts press delete key and take cd rom as the first boot device . Save settings then insert the ubuntu disk
* When the os boots please select the option "try ubuntu"
* the system loads the desktop select the computer and reach somehow your windows installed drive(file system c)
* now reach here
c:/users/user1/appdata/roaming/microsoft/windows/start menu/programs/startup/
and delete the files there (you must show hidden folders )
* also delete the files trojan.exe on c drive and my picutre !.scr on drives
* then shutdown pc . eject disk .restart . And select hdd as first boot device and start windows . the virus is now removed . I also prefer you to find the copies of virus and delete it without opening . Hope it helped some of you . Thanks
Useful post . :) . But on my pc there was a virus renamed trojen.exe . With icon of facebøok . It doesn't disable my task manager . But i was unable to end process trojen.exe because it shutdowns my computer . I was also unable to shut down the computer because it restarts. I just power of u.p.s . As just as these viruses It copies itself to all drives as my picutre !.scr . The attack was before i read this post . I tried to delete all the copies of virus , but it runs again when computer restarts . After messing a lot with it . I found how the virus starts when pc boots . And i myself found a solution for this . It is
ReplyDelete* You must have a live bootable disk of any o.s such as ubuntu . You can download it (google it) . I prefer you ubuntu 10.04 because i used it
* when the pc restarts press delete key and take cd rom as the first boot device . Save settings then insert the ubuntu disk
* When the os boots please select the option "try ubuntu"
* the system loads the desktop select the computer and reach somehow your windows installed drive(file system c)
* now reach here
c:/users/user1/appdata/roaming/microsoft/windows/start menu/programs/startup/
and delete the files there (you must show hidden folders )
* also delete the files trojan.exe on c drive and my picutre !.scr on drives
* then shutdown pc . eject disk .restart . And select hdd as first boot device and start windows . the virus is now removed . I also prefer you to find the copies of virus and delete it without opening . Hope it helped some of you . Thanks