Last week my system got struck with Win32.sality virus and several trojan infected files called khatra.exe,ghost.exe,xplorer.exe and khatarnakh.exe were injected into the running process.These viruses can be called as a variant of newfolder virus which has been brought into very existence since the creation of USB drives.
This all happened since due to some reasons I had to turn off UAC in Vista and one of my friends came and plugged his lovely flash drive into my system.Rest is all understood.
The problem with the khatra virus or ghost.exe virus is that it creates multiple copies of the EXE trojan virus inside every folder using the folder’s name itself.These virus infected applications could be misunderstood to be a folder since it has the same looks and a user might double click on them,again executing the virus itself.It’s a smart virus,and starts by disabling your Regedit, msconfig and in some cases control panel as well as your folder options.
This virus has some symptoms when ever you try to open browser and search remove khatra.exe the browser will automatically close,also you cannot delete khatra.exe or gHost.exe or Xplorer.exe which are created by the same virus as these processes will keep running.It aslo disables the security option in windows vista and also the control panel is remains inaccessible.It tries to hack your outlook express for harvesting email address and attaches itself to your mails.
Click “deny” if the above popup appears at any instant.AVG antivirus is useless and itself gets disabled on the attack of the virus.
To regain back the disabled folder options,regedit,msconfig and task manager you could use Remove Restrictions Tool.Run RRT as an administrator to performing actions.
How to delete and Remove Khatra.exe, ghost.exe ,xplorer.exe virus or in one word WIN32.Sality Virus.
Download Protector plus and run the application as an administrator(right click file and choose run as administrator)
Click Scan and the program will find every instance of the virus and delete them.
Restart the system and install a fresh copy of Avast Free edition antivirus and choose to scan the local disk drives.
How to Enable Security Center in Vista after removing khatra virus
Open the Start Menu.
1. In the white line (Start Search) area, type services and press Enter.
2. Scroll down and right click on Security Center and click on Properties.
A) Next to Startup type, click on Disabled and select Automatic.
B) Click on the Apply button.
C) Click on the Start button.
Turn UAC ON in windows vista to prevent virus attack.
Download Sality/khatra/ghost virus removal tool -Protector plus from here