Spyware, Viruses, & Security forum

General discussion

AGV-purity-KFDKUD.EXE ??

Win98SE with AVGFree and all updates.

I don't know all the details, because my husband did not write them down/can't remember. What I know so far is this: Last night he was browsing the web. AVG pops up something, he thinks it said Purity trojan horse downloader. He told AVG to heal it. Then it popped up again, and he clicked Heal. Then the third time it said something in C:\Windows\System\KFDKUD.EXE it could not heal. So he went to that directory and deleted that file. Then AVG reported it again in that location, and he deleted it again.

Right now AVG virus vault shows C:\Windows\ProgramFiles\mismn.exe and wmplayer.exe as healed files and the 2 KFDKUD.EXE as deleted files. Outlook Express and Windows Media Player will not open, the executable is missing. These are the 2 files listed as healed in the virus vault.

What do I do in order to fix it and not mess things up further? Any more info needed, just ask and I will go to his computer and try to find out.

Re: AGV-purity-KFDKUD.EXE ??

In reply to: AGV-purity-KFDKUD.EXE ??

Here's what I've found so far.

I ran Panda online scan. It found Virus:Trj\Briss.A in C:\Windows\DownloadedProgramFiles\jao.dll which it removed.

I went to Symantec and followed manual removal for Purity. The only thing on the computer anywhere that is listed on the Symantec fix page was HKLM/Software/Clickspring, which I deleted.

I went back to AVG virus vault and had it restore the msimn.exe and wmplayer.exe to see what would happen.
Clicking on either program to execute brings up AVG access denial. Reason given: the file is infected with Trojan Horse Downloader Nex.B

I don't know what to do next.

Re: AGV-purity-KFDKUD.EXE ??

In reply to: Re: AGV-purity-KFDKUD.EXE ??

Sorry, forgot something.
I can find no reference to KFDKUD.EXE anywhere on the web.
I did find it in HKCU/Software/Microsoft/Windows/CurrentVersion/Run while I was searching for the Purity stuff. As of now I have left it there, since I don't know what it is.

Also in this same Run key was C:Windows/ApplicationData\arie.exe
I don't know what it is for either.

Off to do more searching. Will check back tomorrow to see if anyone has any suggestions. Thanks

Re: AGV-purity-KFDKUD.EXE ??

In reply to: Re: AGV-purity-KFDKUD.EXE ??

Download Ad-aware Second Edition here and install it. If you already have Ad-aware Second Edition skip to the next step.

Open adaware and Click the "Check for updates now" line on the main screen. Click the "Connect" button on the webupdate screen.

If an update is available download it and install it. Click the "Finish" button to go back to the main screen.

Click on the "Settings" button (gear symbol in the upper right corner of the main status screen) in the quick launch toolbar to open the General settings screen. Check the "Automatically quarantine objects prior to removal" setting and then click "Proceed" to save your changes

Click the "Scan now" button in the main menu on the left side of the main status screen or use the "Start" button in lower right corner. This will open the Preparing System Scan screen. Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat. Then select "Use custom scanning options" and click "Customize". This will open the "Scan Settings" page. Make sure all of the following are On with a "green" checkmark:

Scan within archives
Scan active processes
Scan Registry
Deep-scan Registry
Scan my IE Favorites for banned URLs
Scan my Hosts File

Then Click the Advanced Button on the left side to open the Advanced Settings screen. Make sure the following is on with a "green" checkmark:

Move deleted files to Recycle Bin

Others are optional to be checked or unchecked.

Then click on the "Tweak" Button to open up the tweak settings.

Open up the Scanning Engine section and make sure all of the following are On with a "green" checkmark:

Scan registry for all users instead of current user only

Make sure the following is unchecked with a "red" X:

Unload recognized processes & modules during scan.

Open up the Cleaning Engine section and make sure all of the following are On with a "green" checkmark:

Always try to unload modules before deletion
During Removal, unload Explorer and IE if necessary
Let Windows remove files in use at next reboot.

Click the "Proceed" button to save settings.

Click the "Next" button to start the scan.

When a scan is completed the Performing System Scan screen will change name to "Scan Complete".

Click the "Next" button to get to the Scanning Results screens where more information about the objects detected during the scan is available.

Click the Critical Objects Tab. In general all of the items listed will be bad. Be careful with the Hosts file entries. Malware uses the hosts file to redirect you to websites. However you can use the hosts file as a way to prevent malware. If the object has in it, it should most likely not be deleted as it is protecting against unwanted sites. For more information on how to use a host file to protect yourself read here. So in short, you may or may not want to fix the hosts file entries.

To fix all the bad critical objects do the following:

Right click on one of them to open up the selection screen. Click the "Select All" button to select all entries. In general all should be selected with the exception of the good hosts file entries.

When all are selected Click "Next" and then "OK" in the pop-up window to confirm the removal.


Download SPYBOT Search and Destroy here if it is not already installed on your computer
Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the "Check for Problems" button. When the check is over, all problems displayed in red are regarded as real threats and should be dealt with. Make sure they are all selected and click the "Fix selected problems" button.

Then browse to the C:\documents and settings\User Name (repeat for all users)\local settings\temp folder and delete all files and folders in it.
Then browse to the C:\Windows\Temp folder and delete all files in it.
Then in Internet Explorer click Tools > Internet Options > General. Click on Delete Files and make sure you get all offline content as well.

Then Disable system restore: Instructions here

Enable System Restore.
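
An added example, not part of the reply above and not Ad-aware's own logic: a small Python triage of hosts file entries, following the hosts file caution in that reply. It assumes that entries pointing at a loopback or unspecified address (127.0.0.1, 0.0.0.0) are deliberate blocks and that any other mapping is a redirect to review; the sample file, names and addresses are constructed.

```python
import ipaddress

# Constructed sample hosts file; the names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1     localhost
127.0.0.1     ads.tracker.example     # blocklist-style entry
0.0.0.0       popups.example
203.0.113.45  www.bank.example        # real-looking name sent elsewhere
203.0.113.45  update.antivirus.example
not-an-ip     broken.example
"""


def classify_hosts(text):
    """Return (line_no, address, hostname, verdict) for each hostname mapping."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        for name in names or [""]:
            if ip is None or not name:
                verdict = "malformed"
            elif ip.is_loopback and name.lower() == "localhost":
                verdict = "standard"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocking"   # assumption: sinkholed on purpose, keep
            else:
                verdict = "redirect"   # name sent to another host, review
            results.append((line_no, address, name, verdict))
    return results


def needs_review(text):
    """Entries a person should look at before choosing what to delete."""
    return [r for r in classify_hosts(text) if r[3] in ("redirect", "malformed")]


if __name__ == "__main__":
    for line_no, address, name, verdict in classify_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name or '(none)'} -> {address}: {verdict}")
```
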

Re: AGV-purity-KFDKUD.EXE ??

In reply to: Re: AGV-purity-KFDKUD.EXE ??

Thanks. Apparently I was suffering from brain lock last night while I was working on it. I have both Ad-Aware and Spybot on the machine and didn't even run them. I guess because I was focused on VIRUS!!!, not spyware, and it never even occurred to me.
Will post back with results after I get a chance to go where his computer is. Hope it fixes it.
