NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Pahatia. Description and removal instructions

 
Title: Pahatia
Type: Worms
Severity scale:Pahatia severity is 43  (43 / 100)
 
Pahatia is a worm that spreads through mapped network drives. Once executed, the parasite secretly installs itself to the system. Then it runs a payload. The worm blocks the Search and Run functions of the Windows operating system, and disables essential system tools including the Task Manager, the Registry Editor and the Command Prompt. Pahatia also hides file extensions and creates numerous infected files in local folders. Furthermore, the parasite may restart the compromised computer if it detects that some security-related programs are running. Pahatia runs on every Windows startup.
The newest version of Pahatia is able to copy itself to removable storage devices.

FORUM:
Discuss Pahatia in
spyware removal forum

Related files: aku bisa tanpamu.exe, aku kecewa.exe, data [X1].exe, dibalas dengan segalanya.exe, hkcmd.exe, isass.exe, lnetinfo.exe, my documents.exe, patah_0[X2].exe, sejauh mungkin.exe, system.exe, tak seperti dulu.exe, temp.exe, viva elektro.exe, [X3].exe, krnl32.bat, system startup.pif

Pahatia properties:
• Hides from the user
• Stays resident in background

Automatic Pahatia removal:

remover for Pahatia

Pahatia manual removal:

Kill processes:
aku bisa tanpamu.exe, aku kecewa.exe, data [X1].exe, dibalas dengan segalanya.exe, hkcmd.exe, isass.exe, lnetinfo.exe, mr.abram\'s.exe, my documents.exe, patah_0[X2].exe, sejauh mungkin.exe, system.exe, tak seperti dulu.exe, temp.exe, viva elektro.exe, [X3].exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\patah hati
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\user logon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe C:\Program Files\Microsoft Office\temp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\CurrentVersion\Policies\Explorer\NoFind=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization=mr.abram's
HELP:
how to remove registry entries

Delete files:
aku bisa tanpamu.exe, aku kecewa.exe, data [X1].exe, dibalas dengan segalanya.exe, hkcmd.exe, isass.exe, lnetinfo.exe, mr.abram\'s.exe, my documents.exe, patah_0[X2].exe, sejauh mungkin.exe, system.exe, tak seperti dulu.exe, temp.exe, viva elektro.exe, [X3].exe, krnl32.bat, system startup.pif, Dibalas Dengan Dusta.exe, Kau Pikir Kaulah Segalanya.exe, Patah_0150.exe, My Music.exe, My Pictures.exe, user logon.exe
HELP:
how to remove harmful files

Misc:
[X1] is a name of the compromised computer.
[X2] is a random character.
[X3] is a name of a certain local folder.

Exact file location:
krnl32.bat - C:\Windows\Security
patah_0[X2].exe - C:\Windows\System32
temp.exe - C:\Program Files\Microsoft Office
hkcmd.exe, isass.exe, system.exe - C:\Windows
[X3].exe - C:\Documents and Settings\[Current User]\My Documents
system startup.pif - C:\Documents and Settings\All Users\Start Menu\Programs\Startup
data [X1].exe - C:\Documents and Settings\[Current User]\My Documents, D:, E:, F:, G:, H:, I:, J:, K:, L:, M:, N:, Z:
my documents.exe - C:\Documents and Settings\All Users\Desktop and C:\Documents and Settings\All Users\Start Menu\Programs
aku bisa tanpamu.exe, aku kecewa.exe, dibalas dengan segalanya.exe, lnetinfo.exe, mr.abram's.exe, sejauh mungkin.exe, tak seperti dulu.exe, viva elektro.exe - C:\Windows\System

Other programs to remove Pahatia:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 06/06/06
Information updated: 23/04/07

Additional resources related to Pahatia:

Attention: If you know or you have a website or page about Pahatia removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Pahatia parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.