Trojan.Kasidet

Trojans are one of the nastiest types of malicious software that can slither onto computers without permission. Trojan.Kasidet belongs to the same group of malware, but it slightly differs from ordinary Trojan infections in a sense that it has been developed to steal financial information from credit cards and POS payment terminals in stores. It was first detected back in 2015 by researchers working in the cyber-security department, but its popularity continues rising, as has been observed, so we want to remind people how it works and what they can expect from it. You will also find instructions that will help you to get rid of Trojan.Kasidet manually below this article.

Researchers working at pcthreat.com say that Trojan.Kasidet is quite sophisticated malware. As has been observed, it is distributed as a self-extracting archive. This means that it drops a payload on affected machines and then executes itself. Of course, it does all this without permission, so users do not know anything about the presence of this nasty threat for a long time. Once Trojan.Kasidet starts working on affected computers, it goes to disable the so-called monitoring software. On top of that, it changes Proxy settings on these affected machines. Third, it creates a folder with an executable (.exe) file in it. Since it creates a folder in the same place in all the cases, it is possible to find out about its presence without the antimalware tool – you just need to go to unhide files on your computer first (check the removal guide provided below this report). Then, you should open the Windows Explorer and go to %APPDATA%. If the random-named folder containing the random-named .exe file, for example, %APPDATA%\Xl5jVVxcVWIx can be located there, there is no doubt that Trojan.Kasidet is active on the system. It should be noted that the random-named file is not the only one this Trojan infection has. Research has shown that it establishes communication with its C&C server and downloads several additional .exe files. As has already been mentioned in the first paragraph of this article, this nasty malicious application has been designed by cyber criminals to steal financial information. As a consequence, specialists refer to it as extremely harmful software that needs to be deleted as soon as possible. We can assure you that you will not get rid of this threat by restarting your computer because it creates a task using the Task Scheduler. It allows it to start working on every system startup, i.e. when the Windows OS loads up, so do not bother rebooting your system – this will not help. It can only be disabled by erasing all its components one by one.

Since Trojan.Kasidet is not a new threat, specialists already know how it is distributed. They say that it is mainly spread via spam emails. In most cases, such serious threats are spread as attachments, so our advice for all the users would be to stay away from them all. On top of that, cyber criminals might use exploit kits to promote it. As has been observed during research, this malicious application pretends to be a legitimate Microsoft application in most cases. To be more specific, it is disguised as WMI Commandline Utility by Microsoft. Most probably, it might be spread masqueraded as other legitimate programs too. There are hundreds of malicious applications that pretend to be legitimate software, so all computers connect to the Internet must have a reputable security application installed on them, our security specialists say.

Since Trojan.Kasidet is extremely sophisticated malware, do not expect it to remove from your system very easily. First, you will need to unhide all files that have been hidden. Then, you will have to delete the random-named folder containing the malicious executable from %APPDATA%. Third, you will need to remove the task from Task Scheduler. Fourth, you will need to remove those additional executables Trojan.Kasidet has downloaded from its C&C server. Finally, you will have to disable altered Proxy settings. Our step-by-step instructions will help you to erase this threat from the system, but if you consider yourself an inexperienced user and do not think that you could erase this Trojan infection manually yourself, you should clean your system using a powerful antimalware scanner. Before you install it on your PC, make sure this tool can be trusted 100% - there is a bunch of scanners that only pretend to be trustworthy.

Delete Trojan.Kasidet

Show hidden files

Windows XP

1. Double-click on the My Computer icon.
2. Click Tools and select Folder Options.
3. Select View.
4. Under Hidden files and folders, select the radio button next to Show hidden files and folders.
5. Press Apply.
6. Click OK.

Windows 7/Vista/8/8.1/10

1. Access Control Panel.
2. Type folder in the search box at the top and select Show hidden files and folders.
3. Click View.
4. Under Advanced Settings, find Hidden files and folders.
5. Mark Show hidden files and folders below it.
6. Click OK.

Disable Proxy Settings

Internet Explorer

1. Open Internet Explorer and click Tools at the top.
2. Select Internet Options.
3. Open the Connections tab.
4. Select LAN settings.
5. Remove the tick from the box next to Use a proxy server for your LAN.
6. Click OK.

Google Chrome

1. Open Google Chrome.
2. Click on the menu button in the top-right corner.
3. Select Settings.
4. Click Advanced.
5. Under System, click Open proxy settings.
6. Click LAN settings.
7. Deselect Use a proxy server for your LAN.
8. Click OK.

Mozilla Firefox

1. Start Mozilla Firefox.
2. Select Tools at the top and click Options.
3. Scroll down.
4. Under Network Proxy, click Settings.
5. Mark No proxy.
6. Click OK.

Remove all Trojan.Kasidet components

1. Press Win+E to open Windows Explorer.
2. Access %APPDATA%.
3. Find the random-named folder, e.g. Xl5jVVxcVWIx and delete it with the file it contains.
4. Open %WINDIR%\Tasks.
5. Delete the {random_name}.job task.
6. Open %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content\.IE5 (there might be a different number at the end).
7. Delete all recently added executable files.
8. Remove all recently downloaded suspicious files from your computer.
9. Empty Trash.