What is Killbot?

Killbot, also known as KillBot_Virus Ransomware, could be a severe threat to your system and to your files once its finished version manages to slither onto your PC. As a matter of fact, our malware experts say that this ransomware program seems to be a project in development, as not all of its functionalities work just yet. However, since this malicious program is coded in .NET, we inspected it and found that this threat can actually cause serious damage to your system once it is finished. In fact, it seems to be a wiper and ransomware hybrid that has the capability to encrypt all possible files on your system, including .exe files. Fortunately, the current version simply locks your screen with its ransom note but does not encrypt or damage your files. Therefore, you can relatively easily remove Killbot from your PC without losing your files to encryption. Nevertheless, you cannot take this threat lightly because if it has managed to infiltrate your system this time, what will protect you next time?

Where does Killbot come from?

There are, in fact, a couple of ways for this malicious program to sneak onto your system. The most likely way seems to be via spam campaigns. This means that this ransomware program can be disguised as an image, a document, or even a ZIP archive file, and attached to a spam e-mail. Now, this spam can, of course, be very convincing and deceiving. Even more experienced computer users may not realize that they are dealing with a dangerous fake e-mail. This is usually achieved by using believable or even authoritative sender name and e-mail address pairs as well as intriguing subjects. It is hard to nip our curiosity in the bud when we find an e-mail, even if it is in our spam folder, which claims that it is about an unpaid fine, an unsettled invoice, a problematic parcel delivery, and so on. No wonder so many victims fall for this trick and click right away to see this urgent matter in detail. However, opening this spam will not give you satisfaction since it obviously does not contain any useful information; it only tries to make sure that you download and execute the attached file. This is when you activate this potentially disastrous attack. After this, you would not be able to delete Killbot from your system without the nightmare of the damage it may cause to your computer; however, if you have been infected with this particular version, your files should be untouched this time.

It is also possible to get infected with ransomware threats if your browsers and drivers are not up-to-date, and you land on a malicious page rigged with Exploit Kits. You can get redirected to such dangerous pages when you click on unsafe third-party ads on suspicious websites or when your computer is infected with malware like adware, which is capable of redirecting you to such pages or displaying unreliable ads that can do the same. All in all, if you want to protect your system and yourself from such a malicious attack, you need to keep all your programs updated. Otherwise, you will end up having to remove Killbot or any other threat that has managed to sneak onto your system this way.

How does Killbot work?

The malicious file, which is quite small to be frank, may be called KillBot Virus.exe and it could be dropped on your desktop. But it is also possible that it is wherever you saved it from the spam. In any case, it does not seem to create any other files or drop ransom notes anywhere. It is programmed in .NET and we must say that it seems unfinished, as it does not yet use practically any of the functions we found in the code. Let us tell you some of the capabilities of this potentially severe threat. First of all, it can encrypt all your files throughout your whole system with the AES algorithm, including .exe files. It can create a Point of Execution in "HKCU\Software\Microsoft\Windows\CurrentVersion\Run::KILLBOT" to make sure that it starts up automatically every time you log into Windows. Thus, this infection could encrypt and damage all your new files as well. Furthermore, it has the ability to disable main processes like Task Manager, Command Prompt, Control Panel and Regedit, which makes it practically impossible for you to remove it unless you restart your system in Safe Mode.

Fortunately, none of these functions work right now in this version. However, it is only a matter of time before the new, finished version may surface. And that will be a real nightmare. Once activated, this ransomware program locks your screen and displays its ransom note in red on a black background. This note claims that you cannot restore your files after this attack. What's more, if you try to close this window or remove Killbot, "your PC will be destroyed." Instead of asking for a ransom fee, for the time being, this note instructs you to reinstall Windows and "get a powerful antivirus software and update it to the latest version." Despite the threat involved in this ransom note, we recommend that you remove Killbot right away.

How can I delete Killbot?

The good news is that you can easily unlock your screen if you use the Alt+Tab key combination. Then, you can launch your Task Manager to kill the malicious process. And, finally, you can delete all related files and registry entries. If you feel up to the task, please use our guide below this article to eliminate this dangerous threat. If you want peace of mind in the future and want to keep your stored data safe, we suggest that you download and install a reliable anti-malware program, such as SpyHunter, as soon as you can.

Remove Killbot from Windows

  1. Press Alt+Tab and move away from the current malicious window.
  2. Now, press Ctrl+Shift+Esc to open your Task Manager.
  3. Find the malicious process, select it, and click End task.
  4. Exit your Task Manager.
  5. Press Win+R and type regedit. Click OK.
  6. If you find the "HKCU\Software\Microsoft\Windows\CurrentVersion\Run::KILLBOT" Run registry value name, delete it.
  7. Exit your Registry Editor.
  8. Press Win+E to open your File Explorer.
  9. Delete the malicious .exe file, which could be called KillBot Virus.exe and could be located on your desktop or wherever you downloaded it.
  10. Empty your Recycle Bin.
  11. Reboot your system.
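
Steps 3, 6 and 9 above can also be done from PowerShell. The script below is an added example, not part of the original guide or any vendor tool; it uses the Run value name and file name given in this article, and the Downloads location and the way the Run value's data is parsed into a file path are assumptions.

```powershell
[CmdletBinding(SupportsShouldProcess)]   # enables -WhatIf for the cmdlets called below
param(
    [string]$ValueName = 'KILLBOT',            # Run value name given in the article
    [string]$FileName  = 'KillBot Virus.exe'   # file name given in the article
)

$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$targets = @()

# Step 6 (read first): the Run value's data shows which file is started at logon.
$entry = Get-ItemProperty -Path $runKey -Name $ValueName -ErrorAction SilentlyContinue
if ($entry) {
    $command = [Environment]::ExpandEnvironmentVariables($entry.$ValueName)
    Write-Host "Run value '$ValueName' -> $command"
    # Assumption: the data is a quoted path, or a path ending in .exe plus arguments.
    if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
        $targets += $Matches[1]
    }
} else {
    Write-Host "Run value '$ValueName' not present."
}

# The article names the desktop; the Downloads folder is an assumed second location.
$targets += Join-Path ([Environment]::GetFolderPath('Desktop')) $FileName
$targets += Join-Path $env:USERPROFILE "Downloads\$FileName"
$targets  = @($targets | Where-Object { Test-Path -LiteralPath $_ } | Sort-Object -Unique)

foreach ($path in $targets) {
    # Step 3: end every process that was started from this file.
    Get-Process | Where-Object { $_.Path -eq $path } |
        ForEach-Object { Stop-Process -Id $_.Id -Force }

    # Record the hash before deleting so the sample can still be identified later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Host "Deleting $path (SHA256 $hash)"

    # Step 9: delete the file (permanent; it does not go to the Recycle Bin).
    Remove-Item -LiteralPath $path -Force
}

# Step 6: remove the autostart value so nothing is launched at the next logon.
if ($entry) { Remove-ItemProperty -Path $runKey -Name $ValueName }
```

Running the script with -WhatIf shows which processes, files and registry value would be affected without changing anything.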
