
Need Help For Kardphisher Removal


#1 johntl43


  • Members

Posted 25 May 2007 - 11:33 AM

Symantec has warned of a Trojan that has posed as a Windows activation program and duped users into entering credit card information. Dubbed Kardphisher, the Trojan...throws up an official-looking screen that claims the user's copy of Windows was activated by someone else. "To help reduce software piracy, please re-activate your copy of Windows now," the screen reads. "We will ask you for your billing details, but your credit card will NOT be charged."...

Does anybody know how to get rid of this??? If I log in normally, the computer is basically frozen up, I can't do anything. I've tried logging in Safe Mode and running Adaware SE, Spybot Search and Destroy, and Avast antivirus a couple times. Each time they said they found and removed viruses but I'll log in normally and it's still the way it was. One last thing I've tried is System restore, but Windows said that it failed on two different tries. Any and all help is greatly appreciated!


#2 buddy215


  • Moderator

Posted 25 May 2007 - 12:06 PM

Unless the form is filled in, the computer will not work properly. That's why we suggest you enter false information in the screen where such data is requested. This way, the computer will resume working normally and no valid or real information will be given to the Trojan.

If that works and you can now use your computer, I would follow the directions below.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.


Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.

How To start Windows in Safe Mode
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7


    Bleepin' Janitor

  • Global Moderator

Posted 25 May 2007 - 04:33 PM

Removal Instructions for Trojan.Kardphisher.
This step involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
