|
Malware -
Harmful EXE
|
keepsafe.exe is a filename that has appeared recently in several infections of a virus. In fact there is a legitimate application of that name. It is a data backup software from Stardock.com The virus writers are exploiting this name to create viruses on your computer. Fortunately it is easy to identify the StarDock's Keepsafe from the virus Keepsafe. The StarDock Keepsafe application is found at this place %Program Files%\stardock\thinkdesk\keepsafe\, whereas the virus keepsafe is found in this location %System%\keepsafe.exe
The virus can deletes files, folders and registry of some antiviruses and tries to spread across network. Installs a default debugger to hide its own presence, Creates a startup registry entry. This article provides thorough detection and removal instructions based on the threatexpert reports. All the tools/ software mentioned in this article are freeware
| Aliases: There are a number of aliases, You can find a list of them on this link
| Delete Files: The place where keepsafe.exe could be found %System%\keepsafe.exe%System% refers to the System folder. By default, C:\Windows\System (in Windows 95/98/Me), C:\Winnt\System32 (in Windows NT/2000), or C:\Windows\System32 (in Windows XP and in Vista) | | View Hidden Files: Before you could delete keepsafe.exe and its associated files you need to search for them, and before doing that you need to enable to view hidden files and folders click here to read more... | | Boot in safe mode: Sometimes you will not be able to delete a file even if you find it, in that case you should boot in safe mode and then try to delete it/ them. Click here to read more... | | End Process in the Task Manager: If you find keepsafe.exe running in the Task Manager, you can select it and press End process button, that will help you to delete it from the hard disk later. click here to read more... | Remove entry from Windows Startup: Look in the windows startup, by opening the system configuration utility and remove the entry of keepsafe.exe if found. click here to read more...
| | Unable to open Task Manager: If that happens, you can try these free tools to enable the task manager again. click here to read more... | | Run CCleaner : If you manage to find keepsafe.exe and associated files and delete, even then there will be associated entries in the windows registry. If you run a free temp files/registry cleaner called CCleaner, that will help you to automatically clean the registry from the virus entries. click here to read more... | Block the sites: These are some of the remote hosts, which are contacted by this virus. so keep it in mind and protect yourself with a firewall accordingly
se1.abisp.cn
17dvd8.cn | Delete the registry keys manually: If you are brave enough to do so. You can edit the registry by using the windows built in registry editor. Click here to read more... You can find the registry entries on this link. Best of Luck reference with permission from Threatexpert |
|
