Kee Ransomware

Kee Ransomware Description

The Kee Ransomware is a Trojan that modifies files with an AES enciphering routine without providing its victims with any means of acquiring a decryption solution. These attacks may corrupt your data permanently and are likely to target content such as documents, spreadsheets and pictures particularly. However, some anti-malware products may block and remove the Kee Ransomware without its encryption triggering.

Trojans Peddling False Hope to Those They Hurt

Out of the many possible revisions to Utku Sen's Hidden Tear, con artists introduce almost all of them to the public with the hope of making money via extortion. However, a new threat's campaign is eschewing the usual process of 'selling' its decryptor, but still, encrypts the PC's files. This new Trojan, the Kee Ransomware, offers no decryption features and even includes additional features for causing more damage after it locks your files.

This suspected variant of Hidden Tear includes the following features in its payload:

  • An encryption attack using an AES algorithm encodes you files, locking content such as documents, and adds the '@kee' string onto every extension.
  • Three different methods of displaying its warning messages via desktop wallpaper hijackings, interactive pop-up windows and text files. All of them announce the previous attack's occurrence, and the pop-up also includes a live countdown.

Strangely, although the Kee Ransomware doesn't offer a ransoming method for its decryptor, a brief concluding statement in its notes implies that the victim could, in theory, decrypt their files after searching their hard drive for the correct key. Malware experts see no evidence of the Kee Ransomware leaving this critical data exposed for the victim's use, meaning that this 'scavenger hunt' likely is undertaken in vain.

Also of note is the Kee Ransomware's file-deleting feature, which triggers after the infected PC reboots.

The Actual Key to Solving the Kee Ransomware's Unsolvable Puzzle

Any users in need of restarting their PCs without disabling the Kee Ransomware first, should search for the 'killsw32l.dll' file and remove it, which will prevent the launch of this Trojan's deletion feature. However, decryption appears to be impossible without further assistance from third-party anti-malware researchers. The danger this threat represents to any locally-stored data causes malware experts to recommend backing up your files to other locations, such as USB drives, for later restoration in the event of a Kee Ransomware attack.

The Kee Ransomware's possible ancestry with Hidden Tear is suspected but not, yet, confirmed, and samples of this threat and encrypted content may be invaluable to the anti-malware industry. PC users can watch traditional infection vectors like e-mail spam and corrupted websites for possible attempts to compromise their PC with this Trojan or other file-encrypting threats like it. While no traditional anti-malware product comes bundled with decryption functions for unlocking your files, they may remove the Kee Ransomware either before or after its installation.

The Kee Ransomware is a throwback to the days of Trojans, viruses, and other, corrupted software causing damage for the damage's sake. Whether a threat author has profit or pain on his mind, the results, however, are file loss and security problems for the user at the other end.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Kee Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%USERPROFILE%\Desktop\file.exe File name: file.exe
Size: 3.61 MB (3619328 bytes)
MD5: 62c2aaf974ea6d5ff2c1af56fa4afe86
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Desktop\
Group: Malware file
Last Updated: May 18, 2017

Registry Modifications


The following newly produced Registry Values are:

Regexp file mask%USERPROFILE%\Desktop\Downloads\killsw32b.dll%USERPROFILE%\Desktop\killsw32l.dll%USERPROFILE%\killsw32c.dll

Related Posts

Posted: May 17, 2017
Threat Metric
Threat Level: 10/10
Infected PCs 85

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.