Tip to remove Trojan.kardphisher

Few days back I just saw a post about a Trojan named as Trojan.kardphisher on Technospot blog where Ashish has mentioned that about this Trojan . When this Trojan enters in your computer it starts showing a pops up with a message that “Your Copy” of windows has been activated by other user and asks you to reactivate . After that is will ask you for new registration and to enter your credit card number for payment . You can check this video how this Trojan works .

Symantec's Takashi has posted the steps you need to remove Trojan.kardphisher .

1. Reboot the infected machine. You can do that by simply clicking the "No" and "Next" buttons, or by doing a good-old fashioned hard reboot.
2. While Windows is starting, press the function 8 key (F8 key) to enter Safe Mode.
3. Click Start > Run.
4. Type regedit
5. Click OK.
6. Navigate to and delete these subkeys:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
CurrentVersionRunsoft2
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
CurrentVersionPoliciesSystemDisableTaskMgr
(If it exists)
7. Exit the Registry Editor.

Users also have the possibility to introduce fake information in order to access their computer. You will be able to enter virtually any combination of letters and numbers for the email address, phone number, expiration date, credit card number, CVV2 code, ATM PIN and name on card, as long they resemble genuine ones. Next, make your way to this registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
CurrentversionRunSoft2.


This tip was posted on softpedia.com