How to remove BackDoor-ABF virus

[DeMario]

Sponsored Links

Hi every, I am get bugged by trying to removing BackDoor-ABF virus from my computer. This malware slowly gaining full control over the system. And restricting to open a numbers of application or taking long time to open programs. My system taking long time to start up shut down. I want to remove this virus as soon as possible. Can any one will provide me a removal solution?

[Zachary]

There are some file information:

• MD5 - EDA1A3BA4AFC806BCE055C69A60C5071
• SHA - 99CBB7FFC04C874A74CC3C3082B1F4EF37C3D739

There are some aliases

• AVG - BackDoor.VB.20.C
• Symantec - W32.SillyDC
• Kaspersky - Worm.Win32.Basun.wsc
• Microsoft - Trojan:Win32/VB

[Milton.J]

This virus connects to the IP Address “91.211. [Removed].76 via a remote port 8000” and downloads the given files:

• %USERPROFILE%\Local Settings\Temp\3.tmp [Detected as TDSS.a]
• %USERPROFILE%\Local Settings\Temp\Nz0.exe
• %USERPROFILE%\Local Settings\Temp\Nzz.exe
  
• %USERPROFILE%\Administrator\RerZNy.bat
• %USERPROFILE%\Administrator\SpyoYs.exe
  
• %WINDOWS%\system32\sshnas21.dll

[Steve123]

The given registry keys are inserted to the system:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\tdl
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS
• HKEY_CURRENT_USER\S-1-(Varies)\Software\TOY5KNQ8OC
• HKEY_CURRENT_USER\S-1-(Varies)\Software\XML

[Shen]

There are some symptoms:

• occurrence of above given files and registry keys
• occurrence unexpected network connections to the above given IP Addresses.

How are they infect:
This virus does not self-replicate. They are increase manually, regularly under the principle that the executable is a little beneficial. Distribution channels contain IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

[Big Fish]

You have to use a standard anti virus software program to remove your system virus. There are to many anti virus application are available in the market. You can use Kaspersky anti virus application, this application easily download from its official web site. During installation you have to select standard installation. After installation you have to update anti virus definition. Now scan entire system to remove virus.

[srp204]

here is what I did go to safe mode F8and select command prompt
Once system is up and you are at command prompt type regedit
when regedit comes up -go to edit and click find in the space type abf.exe
Everytime it comes up with the afb.exe delete it don't be surprised to find there are up to 20 of these commands
just keep find afb.exe and deleting until the editor tells you there are no more afb.exe commands
Then just restart the computer and run a malwarebytes to clean up the system
Note you can not get to regedit with just safe mode it has to be safe mode command prompt
even if you go to task manager and end the afb.exe command the next double click will start it again you have to start the system at command prompt to bypass the afb cycle.