I can't get rid of this virus on Windows 7.
It creates hidden executables with names like yttd.exe and always sets explorer to not show the hidden files. I have avira antivirus and already tried a few other ones but although sometimes it detects them as a virus most of the time it doesn't. Please help recommend a good virus remover. Thanks
zminin dot com
August 17th, 2009 5:09am

Hi, try booting in safe mode and then remove the files.
August 17th, 2009 9:46am

Hi zmin, thanks for the post. I suggest you also check the following article regarding Windows 7 compatible antivirus programs:
Windows 7 security software providers http://www.microsoft.com/windows/antivirus-partners/windows-7.aspx
Hope this helps!
Sean Zhu - MSFT
August 17th, 2009 12:40pm

cool but upon removal it keeps reappearing. i don't feel like installing 10 different antivirus software. the virus is detected and removed but it keeps returning. i'll try some anti-spyware.
zminin dot com
August 17th, 2009 4:37pm

Have you tried Bitdefender? Well, it looks like the virus keeps a copy somewhere and when you delete it, it re-creates the same. Also, many times these kinds of malicious viruses attach themselves to explorer.exe or any other system resource. The only way to remove it is to use Hijack This or Sysinternals Autoruns and deselect those files from running on the next boot. Would recommend starting the infected machine in safe mode and using Autoruns to remove those files.....
August 17th, 2009 7:35pm

Ok, I'm going to suggest that an A-V (alone) doesn't address everything. Often what gets thought of as "virus" is malware of some sort & needs malware tools to go to work on such things. For an A-V I like & recommend Avast. But, for your scenario I would suggest running Malwarebytes & Defender scan. Shut off Sys Restore whilst running Malwarebytes.
www.avast.com
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
Drew - MS Partner / MS Beta Tester / Pres. Computer Issues
August 18th, 2009 9:36pm

Do the above and you can try this as well.
Run in safe mode with network support:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
http://onecare.live.com/site/en-us/default.htm
August 20th, 2009 2:55pm

i tried avast, avira, ms removal tool and anti-malware with no results. i've attached a snapshot of the virus on my website, maybe you guys can help submit it to their respective tech centers: http://zminin.com/virus.zip (use carefully) http://zminin.com/virus.jpg
zminin dot com
August 21st, 2009 7:54am

So you can't remove the virus even in safe mode and by using multiple programs? If the virus file always restores itself it must be somehow positioned deep in the system. Another option is to delete it by using the real system administrator @safe mode. Open the command prompt as an admin, type cmd and then type: net user administrator /active:yes, reboot (in safe mode). This will enable the administrator on the next login. Try the same things as above and particularly scan the system files (C:\System and System32, ...). Maybe this helps.
August 21st, 2009 8:45am

nope, i have admin rights on both pc's in the vpn (an xp desktop and a windows7 laptop). i'm thinking reinstalling windows on both will not suffice since NONE of the antivirus or anti-spyware software even DETECTS the file as being a virus. either that, or the executable has already been cleaned, which i seriously doubt since the symptoms and propagation are still there. i'd say this is a pretty serious issue and the companies involved in producing software against such malware should be interested in a solution. the source of the problem seems to me to be either realVNC/tightVNC remote software (which almost every time i installed ended up in someone hacking my computer) or could be just the fact that i seldom use my laptop to connect to unsecure wifi networks (while file sharing is probably still on). thanks from romania.
zminin dot com
August 21st, 2009 3:18pm

When connecting using realVNC is the connection encrypted or secure in any way? Would suggest you use an encrypted/secure connection while using any remote access software.....
August 21st, 2009 3:24pm

I don't mean the standard admin! Doing so, you enable the real admin. Keep that in mind.
August 21st, 2009 3:55pm

Rather than using a virus scanner, I'd recommend doing this "the hard way". Download a copy of Trend Micro's "Hijack This!". It is capable of listing every startup process your machine uses, be it a system service, a registry entry, or a Browser Helper Object (BHO). I think the issue is that you think you've got all of the virus, but you haven't --and the one bit you're missing runs at startup and re-infects your machine again. You can use HiJack This! to eliminate the run entry points that execute the virus, but I'd recommend doing it this way:
Boot into Safe Mode.
Run HiJack This!.
When you find a suspicious file, open Command Prompt as administrator.
Navigate to where the file is located. If the file is hidden using a DIR command, use the following command to show it:
ATTRIB <filename> -S -R -H
If you are sure the file is a virus, kill it. If you aren't absolutely sure, rename it to <FILENAME>.BAK or .VIR or something like that so that it won't execute, but so that you can get it back in case you need to.
Do this for all suspicious files HiJack This! finds.
If you are unsure if a file is malicious or not, for now use the Services console to disable it (if it is a Service) or MSCONFIG if it is loaded elsewhere.
If you are sure, use HiJack This! to delete the entry point of the file by checking the required box and clicking "Fix".
Once you're sure you've got everything, reboot out of Safe Mode and check your running processes. While Task Manager can do this, I recommend another tool --Process Explorer, created by the great Mark Russinovich, formerly of SysInternals (now part of Microsoft).
I hope this helps.
Everyone gets everything he wants. Me, I wanted to be a sysadmin. And for my sins --they made me one.
August 22nd, 2009 2:36pm
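
As an added example (not part of the post above, and not code from any tool named in this thread), a read-only PowerShell check for the symptoms reported here: Explorer's hidden-file setting, hidden+system files in drive roots, and startup commands. It assumes PowerShell 2.0 as shipped with Windows 7 and reads only the two Run keys, a small subset of the startup locations that HijackThis or Autoruns list.

```powershell
# Added example: read-only triage; nothing is deleted or changed.

# 1. Explorer's hidden-file settings for the current user.
#    Hidden: 1 = show hidden files, 2 = do not show them.
#    ShowSuperHidden: 0 = hide protected operating system files.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Get-ItemProperty -Path $adv | Select-Object Hidden, ShowSuperHidden | Format-List

# 2. Files in the root of each fixed or removable drive that carry both the
#    Hidden and System attributes. Legitimate files such as pagefile.sys and
#    hiberfil.sys match too, so treat the list as leads, not verdicts.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$drives = [IO.DriveInfo]::GetDrives() | Where-Object {
    $_.IsReady -and ($_.DriveType -eq 'Fixed' -or $_.DriveType -eq 'Removable')
}
$hits = foreach ($d in $drives) {
    Get-ChildItem -Path $d.RootDirectory.FullName -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (($_.Attributes -band $mask) -eq $mask) } |
        Select-Object FullName, Attributes, LastWriteTime,
            @{ Name = 'Empty'; Expression = { $_.Length -eq 0 } }
}
$hits | Format-Table -AutoSize

# 3. Commands registered in the per-machine and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$entries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $item.GetValue($name)
            }
        }
    }
}
$entries | Format-List Key, Name, Command
```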

Hijack didn't work, it seems like it's not resident in memory or startup. I sent the virus sample to a few anti-virus companies. Thanks..
zminin dot com
August 23rd, 2009 5:34am

In my line of work I have to clean the virus you have at least 2 or 3 times a week. I suspect you received an email or IM message that looked like someone you knew that said something along the lines of "hey just uploaded the vacation pics" or "check out the new family video" etc...... The virus trigger is embedded into your system32 folder and you won't be able to clean it because Windows will tell you that it is in use (even in safe mode). Here is how I clean the client pc's: http://www.ubcd4win.com/
I use the Ultimate boot CD. It is fairly simple to download and set up. (**I suggest you download and set up on someone else's pc) and then once you have the CD made, you boot your PC into the CD. It has its own operating system in the cd so you will not be using windows but you will have full access to your hard drive. (That's how you get around the file is in use problem) Then as part of the CD you get malwarebytes, spybot search and destroy, avg and avast among a number of other antivirus and antispyware programs..... basically you run them from the cd and select your hard drive files...... you will see more virus files than you've seen so far since none will be able to hide..... delete them all based on the instructions for each of the av or antispyware programs from the cd. once completed reboot/eject cd and boot into windows..... you can run a final check with your own programs in windows if you want to double check but this has yet to fail me with what you're explaining.
August 23rd, 2009 7:36pm

i have reinstalled windows (7) and after updating the anti-virus program it managed to detect a virus trace in the file. my guess is that this happened because i submitted the file to about five anti-virus companies a couple of days ago (now both avira and avast detect it, although one week ago they failed to do so). my only option was reinstalling windows - on my desktop the virus still doesn't get detected because i haven't reinstalled windows on it yet. i don't know how i got the virus - i usually don't click on any link that gets in my way, i have some pc experience to know better than that, but then again who knows what someone can click on nowadays. the virus root is SPR/AutoIT.Gen so i guess problem solved with the drastic solution of reinstalling windows, that i wanted to avoid. thanks anyway though.
zminin dot com
August 24th, 2009 6:20pm

a month and a half and i can still find some traces of it hidden in some root folders (hopefully inactive). i've also noticed it left a lot of KHV.SYS and KHT.SYS files behind, both empty and also attribbed with +hidden +system +readonly
zminin dot com
October 4th, 2009 2:07am

Seems to me a .dll is reinvoking/recreating the virus code. What you could do is investigate where and what is triggering the virus, then if the .dll is not essential/part of Windows you want to remove it... hope you can find a proper solution..
Regards,
RR
October 6th, 2009 11:02pm

I Googled for this and got here, I also have this on my XP 64bit (disables show hidden files, puts empty files named "khv" in some folders...) and I also have the Avira Premium as the default AV. Tried SpyBot S&D, didn't help. I wonder if it could be Avira related? I can't reinstall the system now as I'm in the middle of some project... I'll try scanning with SUPERantispyware when I get home as someone suggested on the net.
October 21st, 2009 11:25pm

Hi! I'm also experiencing this virus. There is a khv (System file) on my C: and D: and a .exe file named lkpbgk.exe. I didn't notice this until just this week after I downloaded from the Avira site an Avira AntiVir Personal. I'm also wondering if it is related to Avira. As of now, I don't know what this virus is doing but I notice that whenever I delete it, it keeps on returning after rebooting or replugging a HD. Any new information regarding this? --Thanks,
November 24th, 2009 8:18am

'zmin',
I did a wee bit of research on this item... I would suggest to replace Avira w/ MSE & (then) do a Full Scan w/ Malwarebytes.
http://www.microsoft.com/security_essentials/default.aspx
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
This claims it will remove SPR/AutoIT.Gen (If you use it, remove it afterwards!)
http://www.spywareterminator.com/download/download.aspx
I trust this will help.
Drew - MS Partner / MS Beta Tester / Pres. Computer Issues
November 24th, 2009 2:15pm

To follow up, I have tried several methods (can't remember which exactly) and SuperAntiSpyware did the trick for me. I am still using Avira and everything is OK, it's just that I started doing occasional scans with SuperAntiSpyware and it hasn't found anything since.
November 30th, 2009 12:22am

Or how about you download Microsoft security essentials, problem solved...
OMERadio Forum manager & Administrator.
November 30th, 2009 5:04am

I swear I just said that.. Yep there it is 2 wee boxes back wink, But, yep, good idea Smile
Drew - MS Partner / MS Beta Tester / Pres. Computer Issues
November 30th, 2009 6:12am

This topic is archived. No further replies will be accepted.
