Remove Kbroy

Kbroy Description

Kbroy, also known as Maha, is a parasitic keylogger that records all user keystrokes in attempt to steal important passwords and login names. Gathered data might be transferred to the remote attacker. Kbroy also changes some Internet Explorer settings and disables the Windows Firewall. The keylogger automatically runs on every Windows startup.

Remove Kbroy

Stop the following Kbroy processes:
winupgrm.exe


Remove the following Kbroy registry keys:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunwinctrl
HKEY_LOCAL_MACHINESOFTWAREMicrosoftActiveSetupInstalledComponentswinctrl
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileEnableFirewall=0
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileDisableNotifications=1
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRasManParametersDisableSavePassword=1
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainFormSuggestPasswords=no
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainFormSuggestPWAsk=no
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainUseFormSuggest=no


Unregister the following Kbroy DLL files:
sqlserver.dll


Delete the following Kbroy files:
winupgrm.exe
sqlserver.dll

Other Spyware

0-9

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z