KHATARNAK.exe windows message

Dear AVAST!

I have installed AVAST! home version 4.8 on my laptop (IBM THINK PAD) RUNNING ON WINDOWS XP professional. After scanning the system, AVAST! cleaned the system, but I am getting a Windows message whenever I log in: “windows cannot find KHATARNAK.exe make sure you type the name correctly”

This message still appears even after I removed it from the startup list.
Any solution?

Thank you,

kudur suresh


Welcome to the forums, kudursuresh. :slight_smile:

KHATARNAK.exe is a worm/cloaked malware/backdoor trojan that you do not want.

http://www.prevx.com/filenames/X2803650840235781996-0/KHATARNAK.EXE.html

Do you use Yahoo Messenger?

http://www.threatexpert.com/report.aspx?uid=09cbc2c7-a2e6-4202-af9a-61b5e0b9410c

I suggest using this tool … http://www.malwarebytes.org/mbam.php … and please post the log text here.


I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM (like Charley suggested) or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here (like Charley suggested) or this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

I also suggest that you check your startup items to see and remove the one that is trying to start the infected file.

It is possible that this is because the file has actually been removed but there is a registry entry left behind that is trying to run this file. Hopefully MBAM suggested by CharleyO would get rid of any redundant/suspect registry entries.

Have you had any avast or other detections recently?
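
The leftover-entry situation described in the last reply can be checked directly. The following PowerShell script is an added example, not something posted by anyone in this thread; it assumes PowerShell 2.0 or later is installed (it is not present on Windows XP by default), only reads the registry, and covers a common subset of autostart locations rather than all of them.

```powershell
# Added example (read-only): list autostart values whose target file is missing.
# The key list is a common subset of autostart locations, not an exhaustive one.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-TargetExists([string]$Target) {
    if (-not $Target) { return $false }
    if (Test-Path -LiteralPath $Target -PathType Leaf -ErrorAction SilentlyContinue) { return $true }
    # Bare names such as "explorer.exe" are resolved through PATH.
    return [bool](Get-Command $Target -CommandType Application -ErrorAction SilentlyContinue)
}

function Get-CommandTarget([string]$CommandLine) {
    # Expand %VAR% references, then take the quoted path if there is one.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted paths may contain spaces: grow the candidate token by token.
    $tokens = @($cmd -split '\s+')
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-TargetExists $candidate) { return $candidate }
    }
    return $tokens[0]
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($name in $k.GetValueNames()) {
        $entries += New-Object PSObject -Property @{ Key = $key; Name = $name; Command = [string]$k.GetValue($name) }
    }
}
# Winlogon Shell and Userinit are run at logon; Userinit is a comma-separated list.
$w = Get-Item $winlogon
foreach ($name in 'Shell', 'Userinit') {
    foreach ($part in ([string]$w.GetValue($name)).Split(',')) {
        if ($part.Trim()) { $entries += New-Object PSObject -Property @{ Key = $winlogon; Name = $name; Command = $part.Trim() } }
    }
}
# Arguments after the executable are not checked; read the printed Command by hand.
$entries | Where-Object { -not (Test-TargetExists (Get-CommandTarget $_.Command)) } |
    Select-Object Key, Name, Command | Format-List
```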