Trojan/Pacoredi

Trojan/Pacoredi is malware that is installed alongside a rogue version of KMSPick.
This sheet gives you information on this threat as well as advice on how to remove the malicious software from your device.

What is Trojan/Pacoredi?

iKernel.exe is HackTool-type malware that gets onto your PC without your knowledge.
To disguise itself and avoid arousing suspicion, the malware pretends to be InstallShield.
InstallShield is a framework for creating installation programs (setup).

IKernel.exe is placed in the following location:

(Flexera Software LLC -> InstallShield Software Corporation) [Unsigned file] C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate

It is detected as Trojan/Pacoredi or PUA.MSIL.Pacoredi.A.

It makes itself persistent through a scheduled task: InstallShield® Setup Engine Kernel.
Finally, the malware forces a proxy in the Windows network configuration:

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== WARNING (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
ProxyServer: [S-1-5-21-1886682061-2663774981-2704274487-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888

The proxy enables malicious activity such as:

  • Recording the sites you visit
  • Diverting and redirecting the user to phishing sites while browsing
  • Injecting advertisements into web pages

Finally, this can cause connection errors on websites, such as ERR_PROXY_CONNECTION_FAILED.
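
A read-only PowerShell check for the proxy values shown in the log above, added here as an example and not taken from the original page or from any of the tools it mentions. The Internet Settings key paths other than the Policies key, and the function name Test-LoopbackProxy, are assumptions made for illustration; the script changes nothing.

```powershell
# Added example: read-only audit of the proxy values named in the log above.
# Assumption: AutoConfigURL / ProxyServer live in the standard "Internet Settings"
# keys (HKLM, HKLM WOW6432Node for the x32 view, and each user's hive).

function Test-LoopbackProxy {
    param([string]$Value)
    # True when a proxy or PAC value points at 127.x.x.x, localhost or [::1]
    return $Value -match '(^|[=/;\s])(127(\.\d{1,3}){3}|localhost|\[::1\])(:\d+)?([/;\s]|$)'
}

$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$keys = @(
    "HKLM:\SOFTWARE\Policies\$suffix",      # key shown in the log above
    "HKLM:\SOFTWARE\$suffix",               # assumed location of [HKLM]
    "HKLM:\SOFTWARE\WOW6432Node\$suffix"    # assumed location of [HKLM-x32]
)

# Per-user hives: one key for every loaded user SID under HKEY_USERS
$keys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\Software\$suffix" }

$findings = foreach ($key in $keys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in 'ProxySettingsPerUser', 'AutoConfigURL', 'ProxyServer') {
        $value = $props.$name
        if ($null -eq $value) { continue }
        if ($name -eq 'ProxySettingsPerUser') {
            # 0 forces machine-wide proxy settings, as flagged in the log above
            $suspicious = ($value -eq 0)
        } else {
            $suspicious = Test-LoopbackProxy ([string]$value)
        }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Value      = $value
            Suspicious = $suspicious
        }
    }
}

# Review the rows marked Suspicious; a local proxy can also be legitimate
# (for example a debugging proxy you installed yourself).
$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so that every loaded user hive is readable.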

How to remove Trojan/Pacoredi?

Remove IKernel.exe with MBAM

  • Download, then install Malwarebytes Anti-Malware
  • Follow the prompts to complete the initial configuration
  • Then launch a quick scan by clicking the Analyze button
  • At the end of the scan, delete all the threats detected
  • Finally, restart your PC if MBAM asks for it

Remove IKernel.exe with RogueKiller

  • Download, then install RogueKiller
  • Start a virus scan of the PC by clicking the Analyze button
  • Let the scan run; it will take some time
  • Finally, remove all detected threats

Remove IKernel.exe with NOD32

  • Download, then run esetonelinescanner.exe
  • Then follow the prompts to run the online scan and enable PUA (potentially unwanted application) detection
  • The NOD32 scan then runs; again, it will take a long time, so be patient
  • Finally, place all the detected items in quarantine

Need personalized help?

Nothing works?
Go to the forum and create your own topic; we will help you!
=> Malekal Forum - Virus Removal Help

How to protect your PC from viruses

You can delete the programs used; if you wish, you can keep Malwarebytes Anti-Malware to perform regular scans.
Remove AdwCleaner and ZHPCleaner; there is no point in keeping them for regular scans.

It is strongly advised to change all your passwords (Facebook, online games, email, etc.).

Here are some tips to keep your computer safe and prevent malware.
To secure your computer, above all keep all your software up to date (Adobe Flash, Java, etc.): Secure your computer and protect your PC from viruses.