How to remove Win32/Kryptik.BSG Trojan

**Aandaleeb** · 15-01-2010

Hi,
I am using Lenovo laptop with Windows Vista operating system. Yesterday I had bring my friends iPod to load some song and videos in my computer. I have also installed NOD32 anti-virus software and when I plugged in the iPod to my laptop then this NOD32 started displaying my system as infected by Win32/Kryptik.BSG Trojan. It is consuming too many resources of my computer making it very slow. NOD32 is not able to remove it but I want to get rid of it asap, so can anyone tell me how do I do it?

**Milton.J** · 15-01-2010

This Win32-Kryptik.BAG is actually a trojan which shows false security alerts and warning messages to make the users afraid that their system has some security problems and malware infections as well, but in reality it doesnt exists. It is a rogue program which claims to find all the system and registry errors and infections and also pretends to do a false scan of your system. It also suggests that it peforms system cleanup and boosting up system performance but everything is fake. There are many softwares like Spybot search and destroy to get rid of this trojan once and for all, just search and download it from the internet.

**Spyrus** · 15-01-2010

You can easily remove this Win32/Kryptik.BSG Trojan manually by following some tips that I am going to suggest to you. First of all run Task Manager and then stop the process, incase you get any problem, then log into Safe Mode. After that click Start Menu and go to Run and then type Regedit and press Enter to open Registry Editor. After that remove the registry entries made by the virus. You will also need to remove all the file and folder of the virus installed in your computer.

**Big Fish** · 15-01-2010

Below are some of the Trojan.Kryptik processes that you will need to stop in the Task Manager:
CcEvtSvc.exe
Defender32.exe
Bqsy.exe
Seres.exe
Fndn8vq.exe
Setup.exe
Svcst.exe
Ttgvow.exe
Wshost32.exe
Swb5xy.exe
Wpv681254983689.exe
Wpv791255703227.exe
Pho12D.tmp.exe
Servicelayer.exe
Odb.exe
Amoumain.exe
Vlc.exe
Svc.exe
Lsass.exe
Svx.exe
Wdmon.exe
Winupdate86.exe
Services.exe
Winlogon.exe
Ctfmon.exe
Eke8673p.exe
Wscsvc32.exe
Cmd.exe
Csrssc.exe
Av.exe

After that delete all the below files and folders of Trojan.Kryptik:
CcEvtSvc.exe
Defender32.exe
Bqsy.exe
Seres.exe
Fndn8vq.exe
Setup.exe
Svcst.exe
Ttgvow.exe
Wshost32.exe
Swb5xy.exe
Wpv681254983689.exe
Wpv791255703227.exe
Pho12D.tmp.exe
Iasrecst32.dll
Iehelpmod.dll
Servicelayer.exe
Odb.exe
Amoumain.exe
Vlc.exe
Svc.exe
Lsass.exe
Svx.exe
DivX32.dll
Eventlog32.dll
Svw.exe
Smss.exe
X1wns5nybl.exe
Wdmon.exe
Browselc32.dll
Winupdate86.exe
Services.exe
Winlogon.exe
Dzzduwcamw.dll
Ctfmon.exe
Eke8673p.exe
Cdfview32.dll
Deskmon32.dll
Wscsvc32.exe
Cmd.exe
Csrssc.exe
Procgdqk32.exe
Dpnlobby32.dll
Ntload.dll
Encapi32.dll
~TMC.tmp
~TM1C.tmp
Qxxa.exe
Dnsrslvr32.dll
Av.exe

You will also need to remove the below registry keys for Trojan.Kryptik:HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WI NDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\dc75dc4a68
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{0472FB67-09DD-4E92-8262-1BFC16CDB075}
RUNNING PROGRAM\seres.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ttgvow
RUNNING PROGRAMsvcst.exe
RUNNING PROGRAMfndn8vq.exe
RUNNING PROGRAMsetup.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ mserv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ bqsy
RUNNING PROGRAM\svcst.exe
RUNNING PROGRAM\fndn8vq.exe
RUNNING PROGRAM\setup.exe

Once you have removed all this things then restart your pc to take affect.