Giuseppe Arcidiacono Blog



Solution for the W32.KWBOT.C.WORM virus, cmd32.dll

Solution

Terminating the Malware Program

This procedure terminates the running malware process from memory.

  1. Open Windows Task Manager.
    On Windows 9x/ME systems, press CTRL+ALT+DELETE.
    On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab.
  2. In the list of running programs, locate either or both processes:
    System32.exe
    Cmd32.exe
  3. Select one of the processes, then press either the End Task or the End Process button, depending on the version of Windows on your system.
  4. Do the same for all running malware processes.
  5. To check if the malware process has been terminated, close Task Manager, and then open it again.
  6. Close Task Manager.

NOTE: On systems running Windows 9x/ME, Task Manager may not show certain processes. You may use a third-party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

  1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
  2. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Runonce
  3. In the right panel, locate and delete the entry or entries:
    SystemSAS = "system32.exe"
    CMD = "cmd32.exe"
  4. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
  5. In the right panel, locate and delete the entry or entries:
    SystemSAS = "system32.exe"
    CMD = "cmd32.exe"
  6. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
  7. In the right panel, locate and delete the entry or entries:
    SystemSAS = "system32.exe"
    CMD = "cmd32.exe"
  8. In the left panel, double-click the following:
    HKEY_USERS>.DEFAULT>Software>Microsoft>Windows>CurrentVersion>Runonce
  9. In the right panel, locate and delete the entry or entries:
    SystemSAS = "system32.exe"
    CMD = "cmd32.exe"

Removing Malware Registry Key

  1. In Registry Editor, in the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Krypton
  2. Still in the left panel, delete the subkey:
    Krypton
  3. Close Registry Editor.

NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.
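
As an added example (not part of the quoted removal procedure or the original post), this Python script checks a registry export saved from Registry Editor for the autostart entries and the Krypton key named in the steps above. The sample export is constructed, and matching on the file name of a full path is an assumption that goes beyond the values shown on the page.

```python
import re

# Keys, value names and data taken from the removal steps above (lower-cased).
AUTOSTART_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_users\.default\software\microsoft\windows\currentversion\runonce",
}
AUTOSTART_VALUES = {"systemsas": "system32.exe", "cmd": "cmd32.exe"}
MALWARE_KEY = r"hkey_local_machine\software\krypton"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes inside strings with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return (key, value_name, data) findings; name and data are None for the Krypton key."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if key.lower() == MALWARE_KEY:
                findings.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() in AUTOSTART_KEYS:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            # Assumption: compare the file name only, so a full path still matches
            if AUTOSTART_VALUES.get(name.lower()) == data.lower().rsplit("\\", 1)[-1]:
                findings.append((key, name, data))
    return findings

# Constructed sample export (not taken from a real system)
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SystemSAS"="system32.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce]
"CMD"="C:\\WINDOWS\\cmd32.exe"
[HKEY_LOCAL_MACHINE\Software\Krypton]
'''

if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE):
        print(finding)
```

An empty result after cleanup means none of the listed entries remain in the exported keys; it does not cover autostart locations that the procedure above does not name.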


Source: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.C&VSect=Sn

It is strongly recommended to use the antivirus software listed below to avoid this problem:

Trend Micro Internet Security

McAfee Internet Security Suite

Kind regards,

Giuseppe Arcidiacono


Category: Malware
Sunday, 16 Aug 2009, 00:47