Member
Hi friends, I frustrated here. I am trying hard to remove Trojan.Spyeye trojan from my computer. It came in my system when I was transferring a few songs through Mp3 player. I got a popup from MSE but I ignored the same. And then the virus spread. I am quiet annoyed here. I am not able to find any option to remove this completely. I had tried a lot. But this does not looks like a easy way to wipe this thing. What should I do.
Member
At the time this Trojan is runs, this malware creates the given configuration file, which is a password-protected ZIP archive:
- %SystemDrive%\cleansweep.exe\config.bin
This malware also makes the given file, which includes a hard-coded password to decrypt the above given configuration file:
- %SystemDrive%\cleansweep.exe\cleansweep.exe
Member
After, Trojan.Spyeye Trojan generates the given registry entry so which is it runs whenever Windows starts:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cleansweep.exe" = "%SystemDrive%\cleansweep.exe\cleansweep.exe"
Member
This virus also gives a specific rootkit capabilities, for instance it can:
- This malware hides its own process on inserted processes
- This malware hide and protect access to its own binary code
- This malware hide and protect access to its startup registry entry
Member
The given instructions pertain to every present and newly Symantec antivirus products, which is having the Symantec AntiVirus and Norton AntiVirus product lines.
- Disable System Restore.
- Update the virus definitions.
- Run a full system scan.
- Delete any values added to the registry.
Member
Search to and remove the given registry entry:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cleansweep.exe" = "%SystemDrive%\cleansweep.exe\cleansweep.exe"
Posting Permissions
Reply With Quote
Bookmarks