Harmful SMKN XTI3 MAJA.exe, zard.exe, SalamKenal.exe
The file names SMKN XTI3 MAJA.exe, zard.exe, SalamKenal.exe have appeared in an virus analysis report.
This virus installer may download more harmful files from the internet.
It is always possible that there could be some legitimate application using the same file name, you should be in a better position to find that out, if the file/process on your computer belongs to some legitimate application or not by using special software like the Microsoft’s Windows Defender and Sysinternal’s Process Explorer. Both are freeware.
You need to search and delete its files and end any running process from Task Manager, and remove the file’s entry from windows startup.
These are the files created by this virus installer
C:\Autorun.Inf
c:\Winlogon.exe
C:\Documents and Settings\[UserName]\Favorites\SalamKenal.Exe
C:\Documents and Settings\[UserName]\SendTo\System.Exe
C:\Documents and Settings\[UserName]\NetHood\Isass.Exe
C:\Documents and Settings\[UserName]\PrintHood\csrss.Exe
C:\Documents and Settings\[UserName]\Start Menu\Programs\ctfmon.Exe
C:\Documents and Settings\[UserName]\Start Menu\Programs\Startup\WinLogon.Exe
C:\Documents and Settings\[UserName]\My Documents\services.Exe
C:\Documents and Settings\[UserName]\Templates\smss.Exe
C:\Windows\System32\zard.exe
C:\Windows\System32\SMKN XTI3 MAJA.exe
(Here is a brief info of legitimate windows files of the same name)
csrss.exe is client server runtime service if it is located at C:\Windows\System32 folder. The filename Isass.exe is misleading (Eye saas) The legitimate file in windows is Lsass.exe.
services.exe is a filename that is used in the Services Control Manager, which is responsible for running, ending, and interacting with system services. The legitimate services.exe file is found at C:\Windows\System32.
You need to follow these steps.
- Enable to view hidden files and folders
- remove these processes from Task manager
SMKN XTI3 MAJA.exe, zard.exe, SalamKenal.exe - Remove entries of the file from windows startup which you can access using the msconfig command.
- Search and delete the the files listed above from the computer’s hard disk using the windows search utility
- In the end use a freeware temp files cleaner like the CCleaner to celan the temp files and the registry.
- Check the computer with online Scanners to find out if the computer is clean and safe.
Whereas you can repair any the restrictions created by the virus, such as disabled registry tools/ disabled Task Manager etc using these free tools
Tools for Windows XP
Tools for Windows Vista
This is a brief guide for handheld devices. For detailed article see this link using your laptop/computer.
Categories: Harmful EXE Files