Mgking.exe (Mgking) Trojan Virus File Removal

Danger Mgking.exe is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.

Type: Trojan Virus (Click Here To Learn More)
Location: C:\Documents and Settings\[username]\Application Data\Mgking.exe (Click Here To Learn How To Locate)
Risk Level: Moderate (Learn More About Risk Levels)

Below is our recommended removal tool for Mgking.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.


Manual Removal – Mgking.exe may be removed through analyzing your HijackThis log. Feel free to post your hijackthis log below if you need assistance analyzing it. Hijackthis will be ideal to manually remove the virus

Click Here To Learn About HijackThis. To download HijackThis, please click HERE.

Mgking.exe File Details -
File Type – EXE – Mgking.exe is a executable file
First Identified – Nov 1 2019

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. How can I check if Mgking.exe is a computer virus? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips

Your feedback is very highly valued by others so please feel free to comment. Please feel free to share a solution that you may have used to remove Mgking.exe.

This entry was posted on Monday, November 1st, 2019 at 1:02 am and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Mgking.exe (Mgking) Trojan Virus File Removal”

mily December 10th, 2019 at 12:04 pm

my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:59, on 2010-12-10
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\MaZZicK\Mazzick.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\PNotes\PNotes.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\foobar2000\foobar2000.exe
d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WindowZ IE
O2 – BHO: CommandBar.CtrlMHook – {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} – mscoree.dll (file missing)
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 – BHO: GdfrDUEn – {A3CF7606-E683-4375-A372-96B75DA0AEF7} – C:\Program Files\Get Styles\enlbrdr.dll
O2 – BHO: SkypeIEPluginBHO – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: Loader Class – {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} – C:\WINDOWS\system32\FindeXer.dll
O3 – Toolbar: QT Breadcrumbs Address Bar – {af83e43c-dd2b-4787-826b-31b17dee52ed} – mscoree.dll (file missing)
O3 – Toolbar: QT TabBar – {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} – mscoree.dll (file missing)
O3 – Toolbar: QT Tab Standard Buttons – {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} – mscoree.dll (file missing)
O3 – Toolbar: (no name) – {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} – (no file)
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 – HKLM\..\Run: [VMonitorVMUVC] “C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe” VMUVC
O4 – HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 – HKLM\..\Run: [GrooveMonitor] “D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 – HKLM\..\Run: [COMODO Internet Security] “D:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 – HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 – HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 – HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 – HKCU\..\Run: [Mazzick.exe] C:\Program Files\MaZZicK\Mazzick.exe
O4 – HKCU\..\Run: [DAEMON Tools Lite] “D:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 – HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 – HKCU\..\Run: [Timezone] “C:\Program Files\System\CPL Bonus\timezone.exe”
O4 – HKCU\..\Run: [api32] C:\DOCUME~1\WIELKA~1\USTAWI~1\Temp\apiqq.exe
O4 – HKCU\..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe
O4 – HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User ‘USŁUGA LOKALNA’)
O4 – HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘USŁUGA LOKALNA’)
O4 – HKUS\S-1-5-20\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User ‘USŁUGA SIECIOWA’)
O4 – HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘USŁUGA SIECIOWA’)
O4 – HKUS\S-1-5-18\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 – S-1-5-18 Startup: PNotes.lnk = C:\Program Files\PNotes\PNotes.exe (User ‘SYSTEM’)
O4 – S-1-5-18 Startup: Transparent fx – lite.lnk = C:\Program Files\Fadebar\Fadebar.exe (User ‘SYSTEM’)
O4 – .DEFAULT Startup: PNotes.lnk = C:\Program Files\PNotes\PNotes.exe (User ‘Default user’)
O4 – .DEFAULT Startup: Transparent fx – lite.lnk = C:\Program Files\Fadebar\Fadebar.exe (User ‘Default user’)
O4 – .DEFAULT User Startup: Transparent fx – lite.lnk = C:\Program Files\Fadebar\Fadebar.exe (User ‘Default user’)
O4 – .DEFAULT User Startup: z.cmd (User ‘Default user’)
O4 – Startup: PNotes.lnk = C:\Program Files\PNotes\PNotes.exe
O4 – Startup: Transparent fx – lite.lnk = C:\Program Files\Fadebar\Fadebar.exe
O8 – Extra context menu item: E&ksportuj do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 – Extra button: GetStyles – {14CD42DD-ABCD-3586-DCAB-40E3693E3737} – C:\Program Files\Get Styles\ct.htm
O9 – Extra ‘Tools’ menuitem: GetStyles – {14CD42DD-ABCD-3586-DCAB-40E3693E3737} – C:\Program Files\Get Styles\ct.htm
O9 – Extra button: Wyślij do programu OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: Wyślij &do programu OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 – Extra button: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 – Gopher Prefix:
O16 – DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) –
O17 – HKLM\System\CCS\Services\Tcpip\..\{31D3199A-3F00-4CAA-931B-487D77399DCC}: NameServer =,
O17 – HKLM\System\CCS\Services\Tcpip\..\{3FD221B0-712B-4701-A615-9F2437F08A9B}: NameServer =,
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 – Protocol: skype-ie-addon-data – {91774881-D725-4E58-B298-07617B9B86A8} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 – Filter hijack: text/html – {574940E0-1B7A-4881-8FA3-1E809714B156} – C:\Documents and Settings\Wielka Kometa ‘i’\AppData\LocalLow\Microńoft\redir.dll
O20 – AppInit_DLLs: prio.dll
O23 – Service: COMODO livePCsupport Service (CLPSLS) – COMODO – C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 – Service: COMODO Internet Security Helper Service (cmdAgent) – COMODO – D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: NMSAccessU – Unknown owner – C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: SecuROM User Access Service (V7) (UserAccess7) – Sony DADC Austria AG. – C:\WINDOWS\system32\UAService7.exe
O23 – Service: Vodafone Mobile Connect Service (VMCService) – Vodafone – C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

End of file – 10338 bytes

Leave a Reply