Remove any Korgo worm variants from an infected computer
The F-Korgo utility disinfects computers infected with Korgo.P (also known as Padobot.G) and Korgo.Q (also known as Padobot.H) worm variants.
· Unpack the F-Korgo utility from the provided ZIP archive.
· Run the unpacked F-Korgo.exe file from a hard disk to eliminate the infection. You can either double-click it in Windows Explorer or, for advanced users, start it from a command interpreter (COMMAND.COM or CMD.EXE) by typing its name at the command prompt and pressing ‘Enter’.
First, the F-Korgo utility kills the Korgo worm’s processes in memory. Then it removes the Registry entries created by the worm. Finally, it scans all hard drives for infected files and deletes them.
· Restart your computer. After the reboot your PC should be 100% clean.
The Korgo worm uses an LSASS exploit to spread to remote computers, so it is very important to install the security patch for the LSASS vulnerability to avoid re-infection.
While disinfecting Korgo worm variants, the F-Korgo utility has to temporarily close Explorer.exe (one of the main Windows components), which makes all desktop icons and the taskbar at the bottom of the screen disappear. This is normal; the tool restarts Explorer.exe as soon as the hard drive scan is finished. In some cases a new Explorer window may also appear after disinfection. This is also normal behaviour.
If the computer being disinfected runs Windows NT, 2000 or XP, please log in as Administrator or as a user with local admin rights; otherwise the F-Korgo utility might not disinfect the system correctly.
If you have Windows ME or XP, it is recommended to disable the System Restore feature of these operating systems to prevent your computer from being re-infected with the Korgo worm. System Restore might save the infected file into its special folder and copy it back to the hard drive every time it is deleted by the F-Korgo utility.