Thursday, January 14, 2010

Remove K0pL4xZ Virus VBWorm.QTT

The "K0pL4xZ" virus, also known as VBWorm.QTT, is a computer virus that targets Microsoft Office files. It was created using Visual Basic, and it changes the icon and file type of Microsoft Office files.
To hide itself, K0pL4xZ uses the Windows Media Player Classic icon, but if you look carefully you will see that the file type is .exe. OK, let's remove it.
Steps to Remove K0pL4xZ Virus VBWorm.QTT
1. Disconnect your computer from the network.
2. Turn off "System Restore" during the cleaning process.
3. Kill the active virus process running in the background using this tool.
4. Repair your registry using the code below: save it as repair.inf, then right-click it and choose Install, or just download it HERE.
[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Values restored to their defaults
[UnhookRegKey]
; File-type open commands
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Logon shell and Safe Mode alternate shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, "about:blank"
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, "Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, "Owner"
; File-type names and icons
HKLM, SOFTWARE\Classes\txtfile, FriendlyTypeName,0, "@C:\Windows\system32\notepad.exe,-469"
HKLM, SOFTWARE\Classes\Word.Document.8,,,"Microsoft Word Document"
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe,1"
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, "Microsoft PowerPoint Presentation"
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe,1"
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,"Microsoft Excel Worksheet"
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe,1"
HKLM, SOFTWARE\Classes\Access.Application.11,,,"Microsoft Office Access Application"
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe,1"
; Show hidden files and file extensions in Explorer
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,"@shell32.dll,-28964"

; Keys and values to delete
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName
5. Delete the file %systemroot%\Windows\desktop.ini using the DOS prompt.
6. Find and delete the master files on the hard disk and flash disk (if you use one). Before you do this, set your computer to show hidden files.
Here is the list of files to delete:
C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Winhelp.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea.exe
C:\Documents and Settings\%user%\My Documents\Jangan_Dihapus_Apalagi_Dibuka.exe
C:\Documents and Settings\%user%\Start Menu\Koplaxz Kudo Shop.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Hellloo_Gheea..exe

C:\Windows
    TourWindowsXP.exe
    svchost.exe
    Kudo.com
    command32.pif
    KopLaXz@KudoShop.exe

C:\F4HM1_KudO_M4n4j3r.exe
C:\G0d3G.exe
C:\Ghe@_i_miss_u.3gp.exe (all drives)
C:\K0pL4xZ.exe
C:\K 0 P L 4 X Z.exe
C:\KopLaXz@KudoShoP.exe (all drives)
C:\R0n13G4N_G3Ndut_S3xY.exe
C:\R3eve5.exe

C:\K0pL4xZ@KudoShop (all drives)
    folder.htt
    msvbvm60.dll
    K0pL4xZ.exe

C:\K0pl4xZ@KudoShop\K0pL4xZ.exe

C:\[space] WINDOWS\System_FriendZ_KopLaXz32
    F4HM1_KudO_M4n4j3r.exe
    G0d3G.exe
    K 0 P L 4 X Z.exe
    R0n13G4N_G3Ndut_S3xY
    R3eve5.exe

C:\ [space] Windows\Zx4Lp0K.html
C:\WIndows\system32\smkn2majalengka.scr
C:\Windows\system32\PCMAV.exe
C:\Windows\system32\Asholest.exe
C:\Documents and Settings\%user%\SendTo\KoPLaXzKudo(e-mail).exe
C:\Autorun.inf (all drives)
C:\Desktop.ini (all drives)
C:\A Letter 4 Ghe@.txt (all drives)
C:\K0pL4xZ@kUdO_5h0P.txt
C:\Documents and Settings\All Users\Desktop\A Letter 4 Ghe@.inf
C:\WIndows\desktop.ini

Next, search for any files that match the criteria below and delete them:
    Uses the "Windows Media Player" Classic / 3GP video format icon
    Size 31 KB
    Uses the .EXE, .PIF, .COM or .SCR extension
    File type "Application"
7. Reboot your computer and check it with an updated antivirus.
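
Before choosing Install on an INF like the one in step 4, it is worth listing exactly which registry values it will set or delete. The following is an added example, not part of the original post: the Python function names and the SENSITIVE list are assumptions, and the embedded INF is an excerpt of the post's entries written with plain ASCII quotes.

```python
import csv

# Subkey fragments worth a second look: file handlers, logon shell, Safe Boot, autoruns, policies.
SENSITIVE = ("\\shell\\open\\command", "\\winlogon", "\\safeboot", "\\run", "\\policies\\")

def split_fields(line):
    # Assumption: csv's default dialect ("" = literal quote) is close enough to INF quoting.
    return [f.strip() for f in next(csv.reader([line], skipinitialspace=True))]

def parse_sections(text):
    """Map each lower-cased [section] name to its non-empty, non-comment lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif line and not line.startswith(";") and current is not None:
            current.append(line)
    return sections

def planned_changes(text):
    """Return (action, root, subkey, value name, data) for each [DefaultInstall] entry."""
    sections = parse_sections(text)
    pairs = (l.split("=", 1) for l in sections.get("defaultinstall", []) if "=" in l)
    directives = {k.strip().lower(): v for k, v in pairs}
    changes = []
    for key, action in (("addreg", "SET"), ("delreg", "DELETE")):
        for name in directives.get(key, "").split(","):
            for line in sections.get(name.strip().lower(), []):
                f = split_fields(line) + [""] * 5   # pad so missing fields read as ""
                changes.append((action, f[0].upper(), f[1], f[2], f[4] if action == "SET" else ""))
    return changes

def sensitive(changes):
    return [c for c in changes if any(s in "\\" + c[2].lower() + "\\" for s in SENSITIVE)]

# Excerpt of the post's repair.inf, embedded so the example runs offline.
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001,0
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
'''

if __name__ == "__main__":
    print(*sensitive(planned_changes(SAMPLE_INF)), sep="\n")
```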
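
The search criteria in step 6 (about 31 KB, an executable extension, a misleading media icon) can be partly automated. The following is an added example, not part of the original post: a Python script that only reports candidates and never deletes anything. It cannot read the icon, so it checks the MZ header, the size, and a decoy double extension such as .3gp.exe instead; the tolerance, the decoy list and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile

SUSPECT_EXTS = {".exe", ".pif", ".com", ".scr"}        # extensions listed in the post
TARGET_SIZE, TOLERANCE = 31 * 1024, 1024               # "31 KB"; tolerance is an assumption
DECOY_EXTS = {".3gp", ".doc", ".xls", ".ppt", ".mdb"}  # assumption: media/Office look-alikes

def is_pe(path):
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"                     # DOS/PE magic of a real executable

def classify(path):
    """Return the reasons a file matches the post's criteria (empty list = no match)."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    if ext not in SUSPECT_EXTS:
        return []
    reasons = []
    if abs(os.path.getsize(path) - TARGET_SIZE) <= TOLERANCE and is_pe(path):
        reasons.append("executable of about 31 KB")
    if os.path.splitext(stem)[1] in DECOY_EXTS:
        reasons.append("double extension hides executable type")
    return reasons

def scan(root):
    hits = {}                                          # report only; nothing is modified
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                reasons = classify(full)
            except OSError:                            # locked or unreadable file
                continue
            if reasons:
                hits[full] = reasons
    return hits

def build_sample_tree(root):
    """Write constructed, harmless sample files (not real malware) for the demo."""
    samples = {"Ghe@_i_miss_u.3gp.exe": b"MZ" + b"\0" * (TARGET_SIZE - 2),
               "setup.exe": b"MZ" + b"\0" * 500_000,
               "clip.3gp": b"\0" * TARGET_SIZE}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Point scan() at a drive root or a mounted flash disk and review each hit by hand before deleting it.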
