MSN Email Spam Virus - kqoka.exe

**Hybr!d** · #1 30th Apr 2008, 06:06

This needs specialist help so evilfantasy, over here mate!

My dad has got a MSN virus that send 100's of emails from his PC a second, can see the avast scanner picking them up.

Internet speed is also non existant.

Have tried everything from virus scans to HJT.

A file called kqoka.exe seems the cause.

Let me know where to start mate, thanks.

**evilfantasy** · #2 30th Apr 2008, 11:36

Try this first.

Download MsnVirRem.exe to your desktop from one of the following mirrors.

First close any other programs you have running as this will require a reboot
Double click MsnVirRem.exe to run it
Once open, click the button labeled Search and Destroy
- Your computer will now be scanned for Infected Files
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the REBOOT Button.
After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
A Message should popup fromMsnVirRemif not, double click the program again and it will finish

Please Post the contents of C:\msnvirrem.log along with a fresh HijackThis log

----------

Also post a Hijackthis log.

**Hybr!d** · #3 30th Apr 2008, 14:01

Managed to sort this now mate, had to delete the file in the system32 folder as well as deleting the entry's in hijackthis.

Thanks all the same fella.

**evilfantasy** · #4 30th Apr 2008, 14:07

Dave, it would be good to run the tool as well as SDFix. I have seen this virus found in up to 10 different locations from file folders to system files as well as windows folders. It's a pretty crafty bugger.

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
Finally add the contents of the Report.txt in your next post.

You don't need to post any logs, I know you are a fair hand at malware removal when you need to be

**Hybr!d** · #5 30th Apr 2008, 15:05

ok mate, will do, thank you!

**philthomas** · #6 1st May 2008, 02:04

Is this the Desktop you flogged to your Dad Dave ? ......
I dunno ..... thought you might at least of cleared all the spyware, before giving it to him

**Hybr!d** · #7 1st May 2008, 02:16

Na it's his old one, mine is squeaky clean.