Win32:Kamso Trojan

30 July 2009 Trojan 2 Comments

Win32:Kamso is a Trojan that can sneak into computers via malicious websites and downloading malicious files from file-sharing networks. Once executed, Win32:Kamso attempts to connect to a remote server and download additional malware. 

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Win32:Kamso Trojan possess a rootkit technique. This is the main reason why most antivirus programs fail to detect it. This stealth capability which is highly developed makes the Trojan to stand out among other on the same nature. The Trojan will continuously communicate with a remote server to download more threats or updates for itself. It also fetches the most recent configuration files making the Trojan more versatile and massive threat.

Distribution
This kind of Trojan basically spread through file-sharing networks. In most occasions, Win32:Kamso author embeds the code onto legitimate executable files that are frequently downloaded from shared public server. Using a sophisticated technique, it often conceals itself from antivirus application. A Spam email message is another channel to distribute the Trojan to unspecified targets. It may arrive as an attached file that disguises as legitimate document file.

Anti-rootkit utility called TDSSKiller is a free tool from Kasperksy that neutralizes complicated malware which effectively hides its process, folders, files and registry entries.

1. Download TDSSKiller from this link. Save the file to your desktop.
2. Extract the contents using archiver applications. 3. Reboot the computer in Safe Mode to avoid Win32:Kamso Trojan from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

4. Locate and run the TDSSKiller.exe file.

5. On Object to Scan, please mark Services and drivers as well as Boot Sectors.
6. Click on Start Scan to begin scanning your system. This may take a while.
7. After the scan is finished, it will reboot the computer. That should complete the disinfection process.