Backdoor.Komprogo is a Trojan horse that opens a back door on the compromised computer and downloads malicious files. It creates the following registry entries on infected systems:
- HKEY_CURRENT_USER\Software\Microsoft\Narrator\NoRoam\"ComponentName" = "C2F8037AA0BD29CD472402BC63079F558F647C9B"
- HKEY_CLASSES_ROOT\CLSID\{53255E7F-D464-40FB-857D-A2F9F0E1E397}\InProcServer32
- HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
Finding these registry settings is an indication that you are infected with this Trojan. Before removing the infection, back up your registry following the steps here.
Then, remove the infection as follows:
- Press [Windows Key] + [R], type REGEDIT and click OK.
- Navigate to the registry key: HKEY_CURRENT_USER\Software\Microsoft\Narrator\NoRoam
- Delete the registry entry: "ComponentName" = "C2F8037AA0BD29CD472402BC63079F558F647C9B"
- Delete the registry key: HKEY_CLASSES_ROOT\CLSID\{53255E7F-D464-40FB-857D-A2F9F0E1E397}\InProcServer32
- Delete the registry key: HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Close the Registry Editor and reboot your PC.
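
The three registry indicators listed above can also be checked from PowerShell, before removal to confirm the infection and after the reboot to confirm the entries are gone. This is an added example, not part of the original write-up; it only reads the registry, and the function name Get-KomprogoIndicator is a hypothetical helper.

```powershell
# Added example (not from the original page): read-only check for the page's registry indicators.
# Run in the affected user's session; two of the indicators are under HKEY_CURRENT_USER.
$valuePath = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Narrator\NoRoam'
$valueName = 'ComponentName'
$valueData = 'C2F8037AA0BD29CD472402BC63079F558F647C9B'
$keyPaths  = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{53255E7F-D464-40FB-857D-A2F9F0E1E397}\InProcServer32',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}'
)

function Get-KomprogoIndicator {   # hypothetical helper name
    # Indicator 1: the named value and its data under Narrator\NoRoam.
    $found  = $false
    $detail = 'key not present'
    if (Test-Path -LiteralPath $valuePath) {
        $key = Get-Item -LiteralPath $valuePath
        if ($key.GetValueNames() -contains $valueName) {
            $found  = $true
            $actual = [string]$key.GetValue($valueName)
            $detail = if ($actual -eq $valueData) { 'data matches' } else { "different data: $actual" }
        } else {
            $detail = 'key exists, value absent'
        }
    }
    [pscustomobject]@{ Indicator = "$valuePath\$valueName"; Present = $found; Detail = $detail }

    # Indicators 2 and 3: the existence of the key is the indicator.
    foreach ($path in $keyPaths) {
        $found  = Test-Path -LiteralPath $path
        $detail = ''
        if ($found) {
            # Record the key's default value; for InProcServer32 it names the DLL
            # that the CLSID loads, which is the file to follow up on.
            $default = (Get-Item -LiteralPath $path).GetValue('')
            if ($default) { $detail = "default value: $default" }
        }
        [pscustomobject]@{ Indicator = $path; Present = $found; Detail = $detail }
    }
}

$results = Get-KomprogoIndicator
$results | Format-List
if ($results.Present -contains $true) {
    Write-Warning 'At least one Backdoor.Komprogo registry indicator is present.'
}
```

If the InProcServer32 key is present, note the DLL path it reports before deleting the key, so the file itself can be examined and removed as well.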