How to handle kdysi.exe virus infection

Posted on 2008-11-16
Last Modified: 2013-11-22
My PC is infected with virus, but I cannot remove it.  I use msconfig and find out that a file called kdysi.exe is actively running, but cannot be stopped or remove.

Can anyone tell me how I can remove it OR do I need to format the whole harddisk?
Question by:cbgold
    LVL 7

    Expert Comment

    Hi cbgold:

    The zlob.dns changer can be removed using the following guide:
    LVL 47

    Accepted Solution

    Just run MalwareBytes, and maybe resetting the router if still necessary afterwards.
    We need to see the MalwareBytes log report.

    Download Malwarebytes' Anti-Malware to your desktop. check for Updates before scanning.

    Author Comment

    I try to download Malwarebytes' Anti-Malware to my desktop.  After I install to the PC, the menu seems to display in strange language which I don't understand.  Is it simplified Chinese version?  By the way, can this program kill the virus as well?
    LVL 47

    Expert Comment

    It has multilingual support, but you should be able to choose English. I would not scan my system with a scanner if I don't know what's going on( in different language I mean)
    Yes, MalwareBytes does remove a Zlob.DNS.changer plus sthe resetting the router if necessary.
    Does it give you an option what language it should.

    Author Closing Comment

    Fantastic!  The virus is removed.  But it's rather strange.  The first time I install the program with unreadable menus.  I guess on the meaning, scan and kill the virus.  After reboot, the menu items of the Malware program becomes readable (in English).

    Anyway, thanks for your help!
    LVL 47

    Expert Comment

    Yeah, it's strange that the first time you install it it seems to have defaulted in another language. This is the first time I've heard MBAM doing it.
    Glad to know that the problem is now solved.
    Thanks for the points and the grade!

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
    Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    This video discusses moving either the default database or any database to a new volume.

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now