HT Logs. Tips, FAQs, Analyze.

klmdb.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: klmdb
Filename: klmdb.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys

Command: C:\WINDOWS\system32\drivers\klmdb.sys
Startup Type: Driver
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]
S4 klmdb;klmdb; C:\WINDOWS\system32\drivers\klmdb.sys [2010-05-14 36488]

Description: trojan-rootkit

How to remove: use Malwarebytes` Anti-malware + Kaspersky virus removal tool or manually instructions below.

Download Avenger from here and unzip to your desktop. Run Avenger, copy,then paste the following text in Input script Box:
Drivers to delete:
klmdb

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys

Files to delete:
C:\WINDOWS\system32\drivers\klmdb.sys
Then click on ‘Execute’.

This entry was posted on Thursday, May 20th, 2010 at 1:58 am and is filed under Driver, Trojan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.