Follow the steps below and you will need no antivirus / removal tool to get rid of em.
If you need any help/have any doubts,post it in comments,so that i'll be able to help you out.
Procedure to remove Khatra.exe virus
1)Go to task manager and select regsvr.exe(if found), gHost.exe , khatra.exe , Xplorer.exe rt click and select end process tree.
press WIN+r or start>RUN
2)type cmd and hit enter
3)GO to the the drive where your OS is installed
4)In the command prompt make sure you get the command line as c:\ or d:\ (this can be achieved by the command "cd .." without quotes)
5)Type attrib -s -h -r khatra.exe
Repeat the same process for the location c:\windows\system32
6)type del khatra.exe
7)Follow the same process for gHost.exe & Xplorer.exe as they are also part of the virus.
To make sure that the virus is out of you pc , check your registry
1)win+R type regedit
2)ctrl+F type in search one by 1 the names of the 3 processes i.e khatra,gHost,Xplorer
3)search the entire registry n go-on deleting the values you find.
Registry Disabled?Click Here
After deleting khatra from your pc, your control panel will be disabled.. to enable it go here.
http://dungeonworks.blogspot.com/search?q=control+panel
To remove regsvr.exe(virus) click here
** Originally Posted Here @ D Works **
If you need any help/have any doubts,post it in comments,so that i'll be able to help you out.
45 comments:
Thank you very much. It worked.
I was having problem with this virus for a long time and none of the method i tried before this was effective.
Thanks again
Thanks a lot dude....
this f**king damn...has given me alot of head ache
1.disabling task manger
2.hacking browser
3.reseting network connection...
4.at last i f**ked his mother
Thanks a lot dude...it really worked. I'm free of this most notorious virus now. Thanks a lot!!
Rudy
http://trafficpython.com/x/aff/51901
Income for Life!!
Thank you very much! This took care of the issue ..
Much Mahalo
hi
i am getting problem showing that the registry editing has been diasbled by your administrator
can you solve this
D.S.Venkatesh
just follow the simple steps here to enable registry editing
http://dungeonworks.blogspot.com/2009/05/enable-registry.html
hi,
i have my os in d drive. formatted my c cuz of this virus only but it never went eventually.. the method u described is not working for me.. khatra doesnt exist is wat i get if i type in cmd
Since your OS is in D:\ drive the virus's root is in d drive .. so
At first goto cmd and if its in c drive then type cd .. and hit enter do this untill you get c:\
then type d: to change your drive to d now follow from step 5 in the post above.
i am getting like this after removal....
Unable to open "C:\Windows\system32\khatra.exe"
wat to do????
@ above
Go to task manager go to procesess and find regsvr.exe(if found), gHost.exe , khatra.exe , Xplorer.exe rt click and select end process tree.
then proceed with the remaining steps
sir any one can guide to enable my controlpanel because khatra is making my system control panel disable pls help me very urgent
saravanan
http://dungeonworks.blogspot.com/2009/05/enable-control-panel.html
saran .. try this, it'll work for sure.
the registry entry can not be deleted
@ above
Go to task manager go to procesess and find regsvr.exe(if found), gHost.exe , khatra.exe , Xplorer.exe rt click and select end process tree.
then proceed with the remaining steps
I have followed all the steps present in the blog and have got rid of the Trojan i think. My reg edit is now working and so is my control panel thanks to you and none of the 3 mentioned processes are present in task manager. But I still have two problems :
1) I cant enable my security center in Vista
2) At startup I still get an alert message titled Desktop - Could not load or run 'C:\Windows\system32\KHATRA.exe' specified in the registry. Make sure the file exists on your computer or remove the refrence to it in the registry.
Now when I click on OK for this message only then do the other startup programs load.
Now could you guide to get rid of this startup alert that i get and also enable the security center ?
Thanks
Aditya
Go to regedit
HKCU>Software>microsoft>windows>current Version>Run
To the right you'll find khatra.exe/gHost.exe or Xplorer.exe select it and delete it.
Restart the system.. if you still get the error goto run msconfig > startup and then unselect khatra.exe/gHost.exe or Xplorer.exe
Hi
Whenever I do step 1... the process (khatra.exe and others) comes up again automatically in the task manager and does not get removed from list
PLEASE HELP!
hi,
i tried to remove khatra from my sys by locatin it... but my cmd prompt is tellin me tat the file is not found in any of the drives...
wa do i do?
Hi
Thank you very much,
It really worked. i have removed the gotamn virus from my conputer. i had also problem in restoring my control panel .
i got this sorted out by running gpedit.msc in the cmd window..
Sorry for the late reply
Pavi
i think your antivirus has deleted the virus , just go onn deleting the registry enteries.
Prahlad
rt click on the process and select "END TREE PROCESS"
Big Boss
your welcome
U told to....
Go to regedit
HKCU>Software>microsoft>windows>current Version>Run
i can reach till the run process...after that.... To the right ... khatra.exe/gHost.exe or Xplorer.exe are not found....what to do?give me the suggestion ...and also it causes beep sound after the startup....pl give me the suggestion as soon as possible...
@above
go to start>run> type "msconfig" hit enter, click startup and seach there for khatra.exe/gHost.exe or Xplorer.exe deselect it now to the rt of the names you ll see the registry location like HKLM>Software>micr... etc go to that location using regedit , select and delete it.
even after this steps khatra.exe is still in my pc. When I open ttask manager khatra.exe will be their . it shows it is in location c:\windows\prefecth\. Please help me how to remove the khatra.exe
Check my blog on how to remove khatra , trojan viruses here :http://dtechwiz.blogspot.com
tanx u very much....it worked
Hey Nix , did u accidently create gHost and khatra and other .exe ? I mean you got all the replies for questions posted. Great human , good work :)
hi nix in my system khatra .exe virus r there when ever i start pc sudennly one text box r open and other one is in my system volume is gone i think this is khatra virus effect wat to do plz tell me
sir i cant see processes called gHost.exe , Xplorer.exe in my task manager what should i do? also i am getting a message called access denied in command prompt. what should i do??? pls tell me
hey dude i did as same u mention in registry when searched for khatra.exe
it is come as default and was not deleting how to delete it
my windows installer is also removed by this virus and im not able to bring the control panel back with ur link.
pls suggest a solution
Found useful.. It's working..
Regards,
Muthuraj L
www.mysearchhistory.co.cc
However there are some trusted freewares on the web to remove Khatra.exe from the system..
My Search History
Hi, my computer is effected with khatra.exe, i can't end it from task manager, end process is disabled, msconfig is not working, gpedit.msc is not working, my computer properties are not working. someone help me please.
Thanks & Regards,
Vimal
Well Khatra removed but how do i remove all the duplicated folders......its taking memory like crazy!!!...thnx
@ soumya: goto prefetch path using step 3... and then follow the same procedure from step 5
@ maddy 006: a little more specifics plz.. what does the text box say?
@ babu:http://dungeonworks.blogspot.com/2010/06/sergwia-anti-viral-tool-kit-remove.html
@shekar: select it and press delete key
@debu:http://dungeonworks.blogspot.com/2010/06/sergwia-anti-viral-tool-kit-remove.html
@vimal: select the process and hit delete key, use this to remove other restrictions
http://dungeonworks.blogspot.com/2010/06/sergwia-anti-viral-tool-kit-remove.html and use this instead of task manager and end the processes
http://dungeonworks.blogspot.com/2010/06/process-explorer.html
@ditz: download n install a antivirus like eset , update it and then scan ur pc, it will do the job
When I search for khatra, ghost, xplorer in registry I am getting lot of entries not related to those words, do I need to delete them all? I only deleted those entries which has words khatra, ghost, xplorer but this virus is coming back again n again.
Having horrible time. Creating lot of duplicate folders eventhough I have anti-virus installed/running on my PC
Please suggest.
I went to task manager, but there is no regsvr.exe, gHost.exe , khatra.exe , Xplorer.exe . But still everytime I turn on the computer, there is always a dialog box sayingthat there is khatra.exe. and you have to type this in the search box and run it properly.
@kiran
check in the task manager if the the processes are still running and only delete the exact matches in the registry not all the similar ones.
@prashant
Khatra virus is out of your system all you need to do is remove it from the registry , the moment you do it win will stop showing you the message
i removed the virus by following the instructions, But I still have the traces of the virus on my gallery folder. I has a duplicate folder of the parent folder inside each and every folders. Is there a way to remove all?
when i try to using attrib -s-h-r khatra.exe, it says access denied.
Thanks, But Most of the files are Duplicate in to two...Could u tell how to solve this problem...
Thanks, But Most of the files are Duplicate in to two...Could u tell how to solve this problem...
i can't find that regvsr.exe in my task manager what am i supposed to do???
I dont understand
can you plaese give me a video tutorial
Post a Comment