NOD32 - Save 25% - Download Now

Total Defense (former division of CA Technologies)

You are here: Home > Computer worms > Removal > W32.Badtrans.B aka Badtrans.B Removal

W32.Badtrans.B aka Badtrans.B Removal

By default the worm files are 'KERNEL32.EXE' & 'KDLL.DLL', but may vary since adjustments fro the worm could well be available.

Removal on Windows NT/2000/XP.
1. Open task manager to stop the process used by the worm:
Press CTRL+ALT+DEL. Select 'Task Manager'. Click on the 'Processes' tab.
Highlight the process 'KERNEL32.EXE' and click on 'End Process'.
You will see a confirmation message - click 'Yes'.
2. Scan with an updated antivirus scanner and remove all files detected as the worm.
Please note: you may be unable to delete the KDLL.DLL file 'cause the operating system has locked it open. If so, restart your computer and scan again with your virusscanner to delete KDLL.DLL. If infection is reported in System Restore under Windows ME or Windows XP, read up 'Infection in \Restore folder (Windows ME)' or 'Infection in \Restore folder (Windows XP)'.

Removal on Windows 95/98/ME.
1. Restart your computer in MS-DOS mode:
In Windows 95/98 click 'Start', and choose 'Shut Down'
Select 'Restart the computer in MS-DOS mode' and click OK. The computer will now restart.
NOTE: In Windows Me restart your computer with an emergency startup floppy disk. If you do not have this, create one by clicking:
Start > Settings > Control Panel > Add/Remove Programs > |Startup Disk > Create Disk.
Put this disk into your computer and restart it.
2. When the computer has finished loading MS-DOS, you will see a command prompt:

Type "del c:\windows\system\kernel32.exe" and press return.
Type "del c:\windows\system\kdll.dll" and press return.
Type "exit" to restart Windows. In Windows Me you will have to reboot.

3. Scan with an updated antivirus scanner to make sure all infected files are removed.

Infection in \Restore folder (Windows ME).

You can not remove infected files in \Restore folder. Follow these instructions to create a workaround (no data will be lost):

  1. Close all open programs. Then, right-click My Computer on the Windows desktop.
  2. Click Properties.

  3. Click the Performance tab.
  4. Click File System.
  5. Click the Troubleshooting tab.
  6. Check Disable System Restore.
  7. Ok your way out.

Click Yes to restart. This disables the System Restore feature and will purge the contents of the _RESTORE folder when the system is restarted.

After finishing the removal instructions, repeat steps 1 through 7, except in step 6, choose: uncheck Disable System Restore. 

Infection in \Restore folder (Windows XP).

You can not remove infected files in \Restore folder. Follow these instructions to create a workaround (no data will be lost):

  1. Close all open programs. Then, right-click My Computer on the Windows desktop.
  2. Click Properties.
  3. Click the System Restore tab.
  4. Click checkbox Turn off System Restore (or checkbox Turn Off System Restore on all drives)
  5. Click OK.
  6. Click Yes when prompted to turn off System Restore.
  7. Ok your way out.

This disables the System Restore feature and will purge the contents of the _RESTORE folder.

After finishing the removal instructions, repeat steps 1 through 7, except in step 4, choose: uncheck checkbox Turn Off System Restore and OK your way out again.

  Advertising

DHL for You
Use 'DHL for You' for easy package sending in the Netherlands!

Save 10% off top Norton Products with Coupon Code 10NAMNORTONSTORE

Save now - 25% off - 2 year license of ESET NOD32 Antivirus 4

Save 20% on Trend Micro™ Titanium™ Maximum Security! Coupon Code: titanium20

Norton 360 Version 5.0 3 Year Protection

ZoneAlarm Internet Security Suite 2012 - Save 50%