Resolved Question
Show me another »How to remove the message 'Windows cannot find '''C:\WINDOWS\KesenjanganSosia… from desktop at start?
It does no obvious harm otherwise.
Best Answer - Chosen by Asker
Actually "%windir%\kesenjangansosial.exe" or
KesenjanganSosial.exe is a worm W32.Brontok-L.
W32/Brontok-L attempts to send itself to email addresses harvested from the computer. The worm will also attempt to modify various Windows Explorer settings.
KesenjanganSosial.exe spreads by e-mail.
How it works?
When first run W32/Brontok-L copies itself to:
<User>\Local Settings\Application Data\br6591on.exe
<User>\Local Settings\Application Data\csrss.exe
<User>\Local Settings\Application Data\inetinfo.exe
<User>\Local Settings\Application Data\lsass.exe
<User>\Local Settings\Application Data\services.exe
<User>\Local Settings\Application Data\smss.exe
<Windows>\KesenjanganSosial.exe
<Windows>\ShellNew\RakyatKelaparan.exe
<System>\cmd-brontok.exe
The following registry entries are created to run br6591on.exe and RakyatKelaparan.exe on startup:
HKCU\Software\Microsoft\Windows\Curren…
Tok-Cirrhatus-2784
<User>\Local Settings\Application Data\br6591on.exe
HKLM\SOFTWARE\Microsoft\Windows\Curren…
Bron-Spizaetus
<Windows>\ShellNew\RakyatKelaparan.exe
The following registry entry is changed to run KesenjanganSosial.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe "<Windows>\KesenjanganSosial.exe"
(the default value for this registry entry is "Explorer.exe" which causes the Microsoft file <Windows>\Explorer.exe to be run on startup).
The following registry entry is set, disabling the registry editor (regedit):
HKCU\Software\Microsoft\Windows\Curren…
DisableRegistryTools
1
Registry entries are set as follows:
HKCU\Software\Microsoft\Windows\Curren…
NoFolderOptions
1
HKCU\Software\Microsoft\Windows\Curren…
DisableCMD
0
HKCU\Software\Microsoft\Windows\Curren…
Hidden
0
HKCU\Software\Microsoft\Windows\Curren…
HideFileExt
1
HKCU\Software\Microsoft\Windows\Curren…
ShowSuperHidden
0
All Related files with this worm are:
%Windows%\KesenjanganSosial.exe
%Windows%\ShellNew\RakyatKelaparan.exe
%System%\cmd-brontok.exe
%System%\br6591on.exe
Removal :
Try to delete them and replace %Windows% with your windows directory and %System% with your Windows/System directory.
To Removal it , Kill KesenjanganSosial.exe process and remove KesenjanganSosial.exe from Windows startup using RegRun Startup Optimizer.
You can get a copy of RegRun from their website http://www.greatis.com/security/buy.htm
or can try a free version at www.download.com.
Thanks
KesenjanganSosial.exe is a worm W32.Brontok-L.
W32/Brontok-L attempts to send itself to email addresses harvested from the computer. The worm will also attempt to modify various Windows Explorer settings.
KesenjanganSosial.exe spreads by e-mail.
How it works?
When first run W32/Brontok-L copies itself to:
<User>\Local Settings\Application Data\br6591on.exe
<User>\Local Settings\Application Data\csrss.exe
<User>\Local Settings\Application Data\inetinfo.exe
<User>\Local Settings\Application Data\lsass.exe
<User>\Local Settings\Application Data\services.exe
<User>\Local Settings\Application Data\smss.exe
<Windows>\KesenjanganSosial.exe
<Windows>\ShellNew\RakyatKelaparan.exe
<System>\cmd-brontok.exe
The following registry entries are created to run br6591on.exe and RakyatKelaparan.exe on startup:
HKCU\Software\Microsoft\Windows\Curren…
Tok-Cirrhatus-2784
<User>\Local Settings\Application Data\br6591on.exe
HKLM\SOFTWARE\Microsoft\Windows\Curren…
Bron-Spizaetus
<Windows>\ShellNew\RakyatKelaparan.exe
The following registry entry is changed to run KesenjanganSosial.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe "<Windows>\KesenjanganSosial.exe"
(the default value for this registry entry is "Explorer.exe" which causes the Microsoft file <Windows>\Explorer.exe to be run on startup).
The following registry entry is set, disabling the registry editor (regedit):
HKCU\Software\Microsoft\Windows\Curren…
DisableRegistryTools
1
Registry entries are set as follows:
HKCU\Software\Microsoft\Windows\Curren…
NoFolderOptions
1
HKCU\Software\Microsoft\Windows\Curren…
DisableCMD
0
HKCU\Software\Microsoft\Windows\Curren…
Hidden
0
HKCU\Software\Microsoft\Windows\Curren…
HideFileExt
1
HKCU\Software\Microsoft\Windows\Curren…
ShowSuperHidden
0
All Related files with this worm are:
%Windows%\KesenjanganSosial.exe
%Windows%\ShellNew\RakyatKelaparan.exe
%System%\cmd-brontok.exe
%System%\br6591on.exe
Removal :
Try to delete them and replace %Windows% with your windows directory and %System% with your Windows/System directory.
To Removal it , Kill KesenjanganSosial.exe process and remove KesenjanganSosial.exe from Windows startup using RegRun Startup Optimizer.
You can get a copy of RegRun from their website http://www.greatis.com/security/buy.htm
or can try a free version at www.download.com.
Thanks
- Asker's Rating:
- Asker's Comment:
- I used RegistryWorks lite because the worm which caused it also disabled the regedit.
There are currently no comments for this question.
* You must be logged into Answers to add comments. Sign in or Register.
Other Answers (6)
- Click on start> click run>type in msconfig. Goto startup look for KesenjanganSosia... uncheck the box next to it. And then restart.
then
Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC.
http://onecare.live.com/site/en-us/defau…
Check for and remove viruses - Click Start Menu>Run> Type "regedit" and click OK to run Registry Editor
Search for a key named "Shell" which located at
My Computer>
HKEY_Local_Machine>
SOFTWARE>
Microsoft>
WindowsNT>
CurrentVersion>
Winlogon
Change the value of "Shell" key to "Explorer.exe"
Restart windows and if problem persist, call your PC manufacturer - open my computer . right click ,properties , tools tab ,check both boxes to repair files and bad sectors . do as the next window says ,to restart . this will scan and repair as the boxes indicate.
Source(s):
xp help and support - i can give you a couple of ideas, 1st you can try right clicking the content and choosing the delete option in that window to remove most likely this will take it off of start desktop 2nd if this is content that you have downloaded or installed you can press start go to> control panel>Add and remove software> once that control window has been open you can scroll and look for the content. In any case the 1st option is your best answer and for further information these answers can remove any content or program you wish to get rid of...
Source(s):
computer geek to the heart - try running the following two menus of ccleaner
cleaner > Analyze > Run Cleaner
issues > Scan For Issues > Fix Selected IssuesSource(s):
- Your operating system is defective. I recommend replacing
it with one of:
http://fedora.redhat.com
http://www.opensuse.org
http://www.debian.org
http://www.ubuntu.org
http://www.slackware.org
http://www.freebsd.org
http://www.opensolaris.org
Open Questions in Security
- protecting word documents and power point presentations from copying and alterations?
- Which program is best in Internet Security?
- anybody know how wo get a premium account in rapidshare?
- How to disable filetransfer in skype & alsokeyHKLM\SOFTWARE\Policies\Phone] missing in the register pls help?
Answers International
- Argentina
- Australia
- Brazil
- Canada
- China
- France
- Germany
- Hong Kong
- India
- Indonesia
- Italy
- Japan
- Malaysia
- Mexico
- New Zealand
- Philippines
- Quebec
- Singapore
- South Korea
- Spain
- Taiwan
- Thailand
- United Kingdom
- United States
- Vietnam
- en Español
Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. Click here for the Full Disclaimer.
Help us improve Yahoo! Answers. Tell us what you think.
Copyright © 2009 Yahoo! Inc. All Rights Reserved.