Win32:Kamso Trojan

This page contains a detailed analysis of Win32:Kamso. To get rid of this Trojan, please use the removal guide below.

Win32:Kamso is a Trojan that can sneak into computers via compromised malicious websites. Users may also acquire this threat by downloading malicious files from risky file-sharing networks. Once executed on the computer, Win32:Kamso attempts to connect to a remote server and download additional malware. This threat may endanger security and privacy on the infected system. It may record key presses to steal sensitive data, including the user names and passwords used to access online accounts.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
The Win32:Kamso Trojan uses a rootkit technique. This is the main reason why most antivirus programs fail to detect it. This highly developed stealth capability makes the Trojan stand out among others of the same nature. It can inject itself into known system processes so that Windows runs the harmful Trojan code each time the operating system starts. The Trojan continuously communicates with a remote server to download more threats. It may also download files as updates for itself. It also fetches the most recent configuration files, making the Trojan a more versatile and larger threat.

Distribution
This kind of Trojan mainly spreads through file-sharing networks. In most cases, the Win32:Kamso author embeds the code in legitimate executable files that are frequently downloaded from shared public servers. Using a sophisticated technique, it often conceals itself from antivirus applications. Spam email is another channel used to distribute the Trojan to unspecified targets. It may arrive as an attached file disguised as a legitimate document. Typically, Win32:Kamso takes the form of a compressed file with a RAR or ZIP extension. It may also come as a compressed executable file bearing the EXE extension.

Some files observed to be associated with this Trojan are the following:

  • 111.rar
  • dn123.rar
  • sxs_npse.rar
  • Backup.zip
  • Mr_HaPpY.zip
  • 31.vmp.zip
  • Fwxyabcde_NETPack.zip
  • Mr_HaPpY.exe
  • server_se.exe
  • 50.vmp.exe
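
As an added example (not part of the original guide or any vendor tool), the Python sketch below triages a download or attachment folder for the delivery forms described above: names from the list, executable content behind a non-executable extension, and ZIP archives that carry an EXE. The function names, reason strings and the sample folder are assumptions made for illustration; a name match alone is only a hint, since names such as Backup.zip are common.

```python
import tempfile
import zipfile
from pathlib import Path

# File names from the list on this page, compared case-insensitively.
PAGE_NAMES = {n.lower() for n in (
    "111.rar", "dn123.rar", "sxs_npse.rar", "Backup.zip", "Mr_HaPpY.zip",
    "31.vmp.zip", "Fwxyabcde_NETPack.zip", "Mr_HaPpY.exe", "server_se.exe",
    "50.vmp.exe")}
# Leading bytes of the three file types the page mentions.
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}

def sniff(path):
    """Return 'exe', 'zip', 'rar' or None from the file's first bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None
    return next((k for m, k in MAGIC.items() if head.startswith(m)), None)

def triage(root):
    """Return {relative path: [reasons]} for files under root worth a closer look."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        kind, reasons = sniff(path), []
        if path.name.lower() in PAGE_NAMES:
            reasons.append("name on page list")
        if kind == "exe" and path.suffix.lower() not in (".exe", ".dll", ".sys"):
            reasons.append("executable header under a non-executable extension")
        if kind == "zip" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                if any(m.lower().endswith(".exe") for m in zf.namelist()):
                    reasons.append("archive contains .exe")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Triage a constructed sample folder holding harmless placeholder bytes."""
    root = Path(tempfile.mkdtemp())
    (root / "invoice.doc").write_bytes(b"MZ" + b"\x00" * 62)  # EXE header, .doc name
    with zipfile.ZipFile(root / "Backup.zip", "w") as zf:
        zf.writestr("setup.exe", b"placeholder")               # constructed member
    (root / "notes.txt").write_text("plain text")
    return triage(root)

if __name__ == "__main__":
    print(demo())
```

RAR archives are identified by their header only; listing their members needs a third-party unpacker, so the sketch does not look inside them.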

How to Remove Win32:Kamso Trojan

TDSSKiller is a free anti-rootkit utility from Kaspersky that neutralizes complicated malware that effectively hides its processes, folders, files and registry entries.

1. Download TDSSKiller from this link. Save the file to your desktop.
2. Extract the contents using an archiver application.
3. Reboot the computer in Safe Mode to prevent Win32:Kamso Trojan from loading at start-up. You may want to print this procedure, as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

4. Locate and run the TDSSKiller.exe file.

5. On Object to Scan, please mark Services and drivers as well as Boot Sectors.
6. Click on Start Scan to begin scanning your system. This may take a while.
7. After the scan is finished, it will reboot the computer. That should complete the disinfection process.

Alternative Removal Method for Win32:Kamso Trojan

Option 1: Use Windows System Restore to return Windows to a previous state

If Win32:Kamso Trojan enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Win32:Kamso Trojan infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore; click here to see the full procedure.