Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

backdoor removal

You are currently browsing the articles from MS Windows Vista Compatible Software matching the category backdoor removal.

Manual Removal of W32/Bdoor-ZAR Backdoor Worm

Manual Removal of W32/Bdoor-ZAR Backdoor Worm.

W32/Bdoor-ZAR is a network worm with backdoor functionality for the Windows platform.
The backdoor component accepts commands from remote users.
Other names of W32/Bdoor-ZAR Worm:
This Worm is also known as Worm.Win32.AutoRun.skg, WORM_AUTORUN.CCJ.

Damage Level : High/Medium
Distribution Level: Unknown

No Auto Removal Tool for W32/Bdoor-ZAR Backdoor Worm
Try ProtectorPlus W32/Autorun Worm Removal 1.0

Mirror Link 1

Mirror Link 2
Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

%\Windows\System\cfg.exe
%\config\cfg.exe [ Runs on Startup ]
%\config\s-1-5-21-1482476501-1644491937-682003330-1013\cfg.exe
- If you have any of these files in running process from task manger, end the process before removal.
- Note: if task manager is disabled
  Download the following file[ Right click and select “Save Target as” ]
  Click to Download - Enable Registry.reg
- Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

Backdoor Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download and run this UnHookExec.inf, and then continue with the removal.
Save it to your Windows desktop. Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SYSTEM\CurrentControlSet\Services\cfg
Type dword:00000010

HKLM\SYSTEM\CurrentControlSet\Services\cfg
Start dword:00000002

HKLM\SYSTEM\CurrentControlSet\Services\cfg
ErrorControl dword:00000000

HKLM\SYSTEM\CurrentControlSet\Services\cfg
ImagePath (may be encoded)

HKLM\SYSTEM\CurrentControlSet\Services\cfg
DisplayName cfg

HKLM\SYSTEM\CurrentControlSet\Services\cfg
ObjectName LocalSystem

HKLM\SYSTEM\CurrentControlSet\Services\cfg\Security
Security

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_CFG

Manual Removal of Backdoor.Graybird Trojan Spyware

Manual Removal of Backdoor.Graybird Trojan Spyware

Other names of Backdoor.Graybird Trojan:
This Trojan is also known as Trojan-Dropper.Win32.Agent.aang.

Damage Level : High/Medium
Distribution Level: Unknown

No Auto Removal Tool for Backdoor.Graybird Trojan Spyware
Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

%AppData%\key folder\filewin.exe
%CommonFavorites%\netservice.exe
%CommonFavorites%\plug\001.dll
%DownloadedProgramFiles%\usbkey.exe
%InternetCache%\qq.exe
%ProgramFiles%\advanced invisible keylogger\win16sys.dll
%ProgramFiles%\bbs.hksxs.com.exe
%ProgramFiles%\common files\360safe\qq.com
%ProgramFiles%\common files\directdb.com
%ProgramFiles%\common files\iugaq.exe
%ProgramFiles%\common files\netdde.dll
%ProgramFiles%\common files\netdde.exe
%ProgramFiles%\common files\netddekey.dll
%ProgramFiles%\common files\syskey.dll
%ProgramFiles%\common files\system\msadc\nettps.dll
%ProgramFiles%\common files\system\msadc\nettps.exe
%ProgramFiles%\common files\system\msasp32.exe
%ProgramFiles%\common files\system\nvcpl.exe
%ProgramFiles%\common files\system\services.exe
%ProgramFiles%\common files\system\svchostsers.com
%ProgramFiles%\hacke.cn.exe
%ProgramFiles%\hgzserver\adminis.exe
%ProgramFiles%\hgzserver\g_server2006.dll
%ProgramFiles%\hgzserver\g_server2006key.dll
%ProgramFiles%\hgzserver\hacker.com.cn.exe
%ProgramFiles%\hgzserver\shuibai8.exe
%ProgramFiles%\hgzuerver\hacker.com.cn.exe
%ProgramFiles%\intel\intel.exe
%ProgramFiles%\intel\intell.dll
%ProgramFiles%\internet explorer\connection wizard\auiyg.exe
%ProgramFiles%\internet explorer\connection wizard\svchosi.exe
%ProgramFiles%\internet explorer\inexplore.com
%ProgramFiles%\internet explorer\svchosi.exe
%ProgramFiles%\internet explorer\svchost.dll
%ProgramFiles%\internet explorer\svchostkey.dll
%ProgramFiles%\internet explorer\update.dll
%ProgramFiles%\java\javs.exe
%ProgramFiles%\meteors\svchost.dll
%ProgramFiles%\meteors\svchost.exe
%ProgramFiles%\meteors\svchostkey.dll
%ProgramFiles%\outlook express\ghost.exe
%ProgramFiles%\personal pc spy\win16sys.dll
%ProgramFiles%\qq.exe
%ProgramFiles%\rtlcpli.exe
%ProgramFiles%\server.exe
%ProgramFiles%\windows media player\wowuc.exe
%ProgramFiles%\windows nt\accessories\vbs.exe
%ProgramFiles%\windowsupdate\svchost.exe
%ProgramFiles%\xunjie.cn.exe
%System%\_msinfo.exe
%System%\_publishing.exe
%System%\_usb.exe
%System%\0.exe
%System%\0309c26e.exe
%System%\36dbc900.dll
%System%\3800hk.dll
%System%\487c0a80.exe
%System%\4e17c240.exe
%System%\a340d383.exe
%System%\alxres061230.exe
%System%\anti.dll
%System%\appen.exe
%System%\applictie.exe
%System%\aws.exe
%System%\bifrost\server.exe
%System%\bluefire.exe
%System%\brc_server.exe
%System%\btcrackdll.dll
%System%\btcrackdllfpga.dll
%System%\c2c.dll
%System%\ccevtsvc.exe
%System%\clipbook.exe
%System%\closeapp.exe
%System%\cnxcis.dll
%System%\comsvcs.exe
%System%\cs.exe
%System%\cybertv.exe
%System%\d249ad80.exe
%System%\d249ad80t.exe
%System%\dbmssocns.dll
%System%\ddos.exe
%System%\dhcpserver.dll
%System%\dllcache\msyow.exe
%System%\dllcache\vba.dll
%System%\doskeys.exe
%System%\drivers\etc\l68z386i.dll
%System%\drivers\lpd.sys
%System%\drivers\spoclsv.exe
%System%\drivers\spools.exe
%System%\drivers\svchost.exe
%System%\drivers\system.exe
%System%\dxdiag.com
%System%\enqueue.exe
%System%\expl0rer.exe
%System%\fe.exe
%System%\frundlll.exe
%System%\fservice.exe
%System%\hyyk.dll
%System%\hz_sys_temtray.dll
%System%\iexplqre.exe

If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg

Manually Remove From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Download and run this UnHookExec.inf, and then continue with the removal.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
“g.exe” = “%Windir%\g.exe”
Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\GrayPigeonServer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root
\LEGACY_GrayPigeonServer

Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.
Exit the Registry Editor,

Restart your Computer.
Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)