What is KB5625711.exe, How to remove KB5625711.exe
KB5625711.exe is a harmful program.
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: KB5625711
Filename: KB5625711.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | KB5625711.exe
Command: %AppData%\{RANDOM}\KB5625711.exe
Startup Type: HKCU->Run, Startup Folder
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [KB5625711.exe] C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
O4 – Startup: Malware Destructor.lnk = C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
DDS Line:
uRun: [KB5625711.exe] C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“KB5625711.exe”=C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
Description: core component of Malware Destructor 2011 (rogue antispyware)
How to remove: use the Malware Destructor 2011 removal guide or the steps below.
1. Download HijackThis from here and save it to your desktop.
2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:
O4 – HKCU\..\Run: [KB5625711.exe] C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
O4 – Startup: Malware Destructor.lnk = C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).
Leave a Reply