Well, no one has realized it so far, I think.
"Kal Exenia" is backdoored.
Well, after I downloaded the update and started Kal Exenia, a process called "05.gtx" appeared in my Task Manager, and the description was something with "VirtualDub blabla".
That VirtualDub shit downloads a file onto your computer called "svchost.exe", which is in User->AppData->Roaming.
(When you can't see AppData, press Alt and a bar appears on top. Press "Folder options" there, then "View", and tick "View hidden files and folders".)
The "svchost.exe" from exenia:
Backdoor:Win32/Fynloski.A is a trojan that allows unauthorized access and control of an affected computer.
Removal:
First, end the processes "05.gtx" and "svchost.exe". You will find svchost.exe in the process list because the description is not "Hostprocess". The description is "Dubline blablabla", something like that. End that process, then go to
User->AppData->Roaming and delete "svchost.exe".
Next, go to Run->regedit.
Move to
hklm\software\microsoft\active setup\installed components\{yl429-e1848ab-s6zxn-1n2j88-cyg87qm5s}
And remove the "svchost.exe" there.
Then go to
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
And remove the "svchost.exe" there.
Done, you removed the virus.
PS:
hklm\software\microsoft\active setup\installed components\{yl429-e1848ab-s6zxn-1n2j88-cyg87qm5s}
The key {yl429-e1848ab-s6zxn-1n2j88-cyg87qm5s} is different, just check them!
FOR SAFETY, CHANGE YOUR PASSWORDS (Epvp, MSN, etc.)
When you start Exenia again, the virus will probably come back.
Need any Support?: msn :
Another infected file:
"cd.scr" in KalExenia->Map
The format is .scr (screensaver), and it opens up like a normal .exe file.
21 KB in size, with UPX.
The engine.exe is bound with a file called "cd.scr". When you start "KalExenia", the "cd.scr" will automatically run with the engine.exe, and it drops svchost.exe in your processes and AppData folder.
So every time you start KalExenia, the virus will come back.
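
A read-only PowerShell check for the indicators listed in this post, added here as an example and not part of the original post. It assumes the names the poster reports ("svchost.exe", "05.gtx") and that the Active Setup entry uses the standard StubPath value; the helper name Add-Finding is made up for this example. It only reports matches and deletes nothing.

```powershell
# Added example: read-only triage for the indicators named in the post. Changes nothing.
$findings = New-Object System.Collections.ArrayList
function Add-Finding($Check, $Location, $Value) {   # hypothetical helper for this example
    [void]$findings.Add([pscustomobject]@{ Check = $Check; Location = $Location; Value = $Value })
}

# 1. Processes: the real svchost.exe runs only from System32 or SysWOW64.
$legit = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe' OR Name = '05.gtx'" |
    Where-Object { $_.ExecutablePath -and ($legit -notcontains $_.ExecutablePath) } |
    ForEach-Object { Add-Finding 'Process' "PID $($_.ProcessId)" $_.ExecutablePath }

# 2. Dropped file: svchost.exe directly under AppData\Roaming (-Force reads hidden files).
$dropped = Join-Path $env:APPDATA 'svchost.exe'
if (Test-Path -LiteralPath $dropped) {
    $f = Get-Item -LiteralPath $dropped -Force
    Add-Finding 'File' $dropped "$($f.Length) bytes, modified $($f.LastWriteTime)"
}

# 3. HKCU Run: any autostart value whose data mentions svchost.exe.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -like '*svchost.exe*') { Add-Finding 'Run value' "$runKey\$name" $data }
    }
}

# 4. Active Setup: the component key name differs per machine, so check every StubPath.
$roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub -like '*svchost.exe*') { Add-Finding 'Active Setup' $_.Name $stub }
    }
}

if ($findings.Count) { $findings | Format-List } else { 'No matching indicators found.' }
```

Run it from an elevated prompt, because without elevation some processes return no executable path and are skipped by check 1.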