Trojan.Kasidet Removal Guide

Do you know what Trojan.Kasidet is?

Trojan.Kasidet is a malicious application that has been classified as POS (point-of-sale) malware. It does not try to infiltrate the computers of individual users because it has been designed mainly to steal financial information from debit/credit cards and payment terminals. We would be lying if we told you that it is a completely new threat. It was first detected by malware analysts in 2015, but since its popularity is growing, we have decided to provide more information about it. Unfortunately, it takes time for victims to find out that Trojan.Kasidet has entered their systems because it enters computers illegally and works entirely in the background. On top of that, it does not have an interface. It is not only difficult to detect, but it is also quite complicated to remove because it makes modifications on affected machines, drops files, and creates a scheduled task. Of course, it can still be erased manually. Read the rest of this article to find out more about its removal.

Before we explain how Trojan.Kasidet can be erased from the system, let us show you how this malicious application works. As research has shown, the first thing this infection does once executed is disable monitoring software. Most probably, it does that so that it can stay unnoticed longer. It also changes the proxy settings on affected machines. After that, a folder with a random name (alphanumeric characters) is created in the %APPDATA% directory. It contains an executable file that also has a random name. Both the folder and the file it contains are hidden, which clearly shows that Trojan.Kasidet tries to stay undetected. Research has also shown that it creates a point of execution (PoE) so that it can continue performing malicious activities even after the computer is restarted. To be more specific, it creates a new task using Task Scheduler. The task also has a random name, e.g. Xl5jVVxcVWIx.job.

Our team of experienced researchers has also observed that Trojan.Kasidet uses the Internet connection for its malicious activities. They say that it connects to the Internet to establish communication with its C&C server. If it does that successfully, additional .exe files are downloaded and placed into %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\[randomly named folder]. At the time of research, it tried to establish communication with a server in the Netherlands, but it might also communicate with enotecacattaneo[.]it (62.149.128.151), lattone[.]com (62.149.128.160), pationare[.]bit (144.76.133.38), and many other servers. As can be seen, Trojan.Kasidet is quite sophisticated malware, which is why its removal is not a piece of cake either.

As mentioned at the beginning of this article, Trojan.Kasidet has been active since 2015, but it does not differ much from other newly developed Trojan infections in the way it is distributed. Researchers say that it is mainly spread via spam emails. Specifically, it is spread as an ordinary email attachment. On top of that, it might be distributed using exploit kits. As you already know, Trojan.Kasidet is sophisticated malware that does not need permission to infiltrate computers. Luckily, this does not mean that there is nothing users can do to protect their machines. A trustworthy antimalware tool could prevent Trojan.Kasidet from entering the system easily, so all computers with an Internet connection should have security software enabled on them, our security specialists say.

Do not expect to remove Trojan.Kasidet easily, but this does not mean that users cannot erase this infection from their computers manually. Use our manual removal guide even if you feel quite experienced in malware removal because a single active component of the Trojan infection left on the system might result in its revival. The manual removal of this nasty threat will take some time because there are several changes that need to be undone, so if you do not have time for this, you can use an automated malware remover to clean your system instead.

Delete Trojan.Kasidet manually

Display hidden files and folders

Windows 7/Windows Vista

  1. Click the Start button (bottom-left corner).
  2. Select Control Panel and then click Appearance and Personalization.
  3. Click Folder Options.
  4. Select View.
  5. Locate Show hidden files, folders, and drives under Advanced settings.
  6. Enable it.
  7. Click OK.

Windows XP

  1. Click Start.
  2. Select My Computer.
  3. Click Tools at the top and select Folder Options…
  4. Click View.
  5. Select Show hidden files and folders under Advanced Settings.
  6. Click OK.

Windows 8/8.1

  1. Access Search (point to the upper-right corner of your screen, move the mouse pointer down, and click Search).
  2. Type folder.
  3. Select Folder Options.
  4. Click View.
  5. Select Show hidden files, folders, and drives.
  6. Click OK.

Windows 10

  1. Type folder in Search (it is located on your Taskbar).
  2. Select Show hidden files and folders.
  3. Locate Show hidden files, folders, and drives under Advanced settings and select it.
  4. Click OK.

Disable altered Proxy settings

Internet Explorer

  1. Open Internet Explorer.
  2. Click Tools and select Internet Options.
  3. Open Connections.
  4. Select LAN settings.
  5. Remove the tick from the box alongside Use a proxy server for your LAN.
  6. Click OK.

Mozilla Firefox

  1. Launch Mozilla Firefox.
  2. Click Tools and select Options.
  3. Go to the bottom.
  4. Access Network Proxy and select Settings.
  5. Select No Proxy and click OK.

Google Chrome

  1. Start Google Chrome.
  2. Access the browser’s menu (tap Alt+F).
  3. Click Settings.
  4. At the bottom of the page, click Advanced.
  5. Locate System.
  6. Click Open proxy settings.
  7. Click LAN settings.
  8. Uncheck the Use a proxy server for your LAN box.
  9. Click OK.

Remove files

  1. Press Win+E.
  2. Access %APPDATA% (insert it in the Explorer’s address bar and press Enter).
  3. Find a folder having a random name (it should contain an executable (.exe) file).
  4. Delete it.
  5. Access %WINDIR%\Tasks.
  6. Remove the {random name}.job task linked to the Trojan infection.
  7. Open %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\[a randomly named folder].
  8. Remove executable files associated with Trojan.Kasidet.
  9. Erase all files downloaded recently and then empty the Recycle Bin.
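
The locations checked in the steps above, gathered into a read-only PowerShell triage script that lists candidates for manual review. This is an added example, not part of the original guide; the function names are hypothetical, and it assumes an elevated session of the affected user, because %APPDATA% and %LOCALAPPDATA% resolve per user.

```powershell
# Added example: read-only triage for the artifacts described in this guide.
# Nothing is deleted; review every hit by hand before removing it.

function New-Finding($Check, $File) {   # hypothetical helper
    [pscustomobject]@{ Check = $Check; Path = $File.FullName; Modified = $File.LastWriteTime }
}

function Get-KasidetTriage {            # hypothetical function name
    # 1. Hidden folders directly under %APPDATA% that hold an executable.
    Get-ChildItem -LiteralPath $env:APPDATA -Directory -Hidden -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-ChildItem -LiteralPath $_.FullName -Filter *.exe -File -Force -ErrorAction SilentlyContinue
        } |
        ForEach-Object { New-Finding 'Hidden AppData folder with .exe' $_ }

    # 2. Legacy .job tasks in %WINDIR%\Tasks. Legitimate tasks are listed too;
    #    look for a random alphanumeric name and an unexpected date.
    $tasks = Join-Path $env:WINDIR 'Tasks'
    Get-ChildItem -LiteralPath $tasks -Filter *.job -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding 'Scheduled task (.job)' $_ }

    # 3. Executables anywhere under the Temporary Internet Files cache.
    $cache = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files\Content.IE5'
    Get-ChildItem -LiteralPath $cache -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding 'Executable in IE cache' $_ }

    # 4. Per-user proxy setting (the LAN settings checkbox from the steps above).
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($inet -and $inet.ProxyEnable -eq 1) {
        [pscustomobject]@{ Check = 'Proxy enabled'; Path = "ProxyServer=$($inet.ProxyServer)"; Modified = $null }
    }
}

Get-KasidetTriage | Sort-Object Check, Modified | Format-Table -AutoSize -Wrap
```

An empty result only means these specific locations are clean for the current user profile; repeat the run for each profile on a shared terminal.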

In non-techie terms:

Trojan.Kasidet is a nasty infection that is used by cyber criminals to steal financial information. It mainly targets credit/debit cards and POS terminals, but there are no guarantees that ordinary computer users cannot find this nasty infection on their computers too. Once Trojan.Kasidet gets onto computers, it drops several files, creates a scheduled task, and downloads several executables from its C&C server. It will not delete itself automatically from affected computers, which means that victims need to erase it from their machines themselves to put an end to all activities it performs.