
Tee Support Blog

Official News, Step-by-Step Guides and Tools

The following are the posts under the how-to-eliminate-trojan-infection tag

Effectively Remove Trojan Ramnit.A.42 From Svchost.exe (Manual Removal)

Published September 21st, 2012 by Cindy Moore

Nowadays, cyber criminals are as dangerous as muggers on the streets. Be aware of unreliable applications such as Trojan Ramnit.A.42. How can Ramnit.A.42 damage the system? How should it be removed? Read on carefully to find the answers here.

Basic Information of Ramnit.A.42

Recently, a new computer virus called Ramnit.A.42 came out, which is categorized as a Trojan horse. It is an extremely dreadful pest that can maximize the damage to affected PCs. Usually this virus is found by antivirus software, but when you run various removal tools and click the remove button after the scan, Ramnit.A.42 is still there and cannot be cast off. It should be clear that this virus uses rootkit technology to evade these protection tools. Once it manages to install itself onto a system, many problems follow. For example:

- it changes the Windows start-up registry so that it runs automatically whenever you power on the machine;
- its malicious processes and files take up a lot of PC resources, so the PC runs much more slowly than usual;
- it creates a backdoor by secretly installing an FTP server, which gives a remote attacker full access to the victim's computer in order to steal important confidential data;
- it can self-replicate, disable security software to avoid being deleted, and come bundled with pirated software downloaded from malicious sites.

You can't imagine what other, more dangerous harm Ramnit.A.42 will bring. For your PC's stability and security, we highly recommend that you remove the Ramnit.A.42 virus as quickly as possible upon detection.

Trojan Ramnit.A.42 is Extremely Dangerous

  1. Ramnit.A.42 arrives without any consent and hides itself in the root of the system once installed.
  2. Ramnit.A.42 can compromise your system and may introduce additional infections such as rogue software.
  3. Ramnit.A.42 may redirect you to unsafe websites and untrusted advertisements.
  4. Ramnit.A.42 often takes up a lot of resources and noticeably slows down your computer.
  5. Ramnit.A.42 can help cyber criminals track your computer and steal your personal information.

How to Get Rid of Ramnit.A.42 Manually

1. Launch the Task Manager by pressing keys “CTRL + Shift + ESC”, search for Ramnit.A.42 processes and right-click to end them.



2. Get rid of the following files created by Ramnit.A.42:

%Documents and Settings%\[UserName]\Application Data\[random]
%AllUsersProfile%\Application Data\.dll
%AllUsersProfile%\Application Data\.exe

3. Open Registry Editor (in Windows XP, go to the Start menu, choose Run, type in “Regedit” and press OK; in Windows 7 and Windows Vista, go to the Start menu, Search, and type in “Regedit”), then find the following Ramnit.A.42 registry entries and delete them:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
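
Before deleting anything in step 3, it helps to see which of the listed values are actually present on the machine. The following PowerShell script is an added example, not part of the original post: it only reads the registry and reports matches. The function name Test-ListedValue and the extra "AppData" pattern (the Windows Vista/7 equivalent of "Application Data") are assumptions made for this example.

```powershell
# Added example: read-only audit of the values listed in step 3. Nothing is changed.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$checks = @(
  @{ Path='HKCU:\Software\Microsoft\Internet Explorer\Main';     Name='Use FormSuggest';       Value='Yes' }
  @{ Path='HKCU:\Software\Microsoft\Internet Explorer\Download'; Name='CheckExeSignatures';    Value='no' }
  @{ Path="$cv\Internet Settings";      Name='CertificateRevocation'; Value='0' }
  @{ Path="$cv\Internet Settings";      Name='WarnonBadCertRecving';  Value='0' }
  @{ Path="$cv\Policies\ActiveDesktop"; Name='NoChangingWallPaper';   Value='1' }
  @{ Path="$cv\Policies\Associations";  Name='LowRiskFileTypes'
     Value='.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;' }
  @{ Path="$cv\Policies\Attachments";   Name='SaveZoneInformation';   Value='1' }
  @{ Path="$cv\Policies\Explorer";      Name='NoDesktop';             Value='1' }
  @{ Path="$cv\Policies\System";        Name='DisableTaskMgr';        Value='1' }
  @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'; Name='DisableTaskMgr'; Value='1' }
  @{ Path="$cv\Explorer\Advanced";      Name='Hidden';                Value='0' }
  @{ Path="$cv\Explorer\Advanced";      Name='ShowSuperHidden';       Value='0' }
)

# Hypothetical helper: true when the value exists and equals the listed data.
# A missing key or a missing value counts as "not matched".
function Test-ListedValue {
  param([string]$Path, [string]$Name, [string]$Value)
  $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
  if ($null -eq $item) { return $false }
  return ([string]$item.$Name -eq $Value)
}

$hits = foreach ($c in $checks) {
  if (Test-ListedValue @c) { [pscustomobject]@{ Key = $c.Path; Name = $c.Name; Data = $c.Value } }
}
"{0} of {1} listed values matched" -f @($hits).Count, $checks.Count
$hits | Format-Table -AutoSize -Wrap

# The Run entries in the list have random names, so they cannot be matched by name.
# Instead, list autostart entries whose command points into the folders from step 2
# for manual review; legitimate software also starts from these folders.
$run = Get-ItemProperty -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
  $run.PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'Application Data|AppData' } |
    Select-Object Name, Value | Format-List
}
```

If DisableTaskMgr is among the matches, Task Manager from step 1 will not open until that value has been removed.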

Automatic Removal Tool (Recommended)

SpyHunter is a powerful, real-time anti-spyware application that is designed to assist the average computer user in protecting their PC from malicious threats like worms, Trojans, rootkits, rogues, dialers, spyware, etc. It is important to note that the SpyHunter removal tool works well and should run alongside existing security programs without any conflicts.

Step 1. Download SpyHunter by clicking on the icon below.

Step 2. Follow the details to complete the installation process. (Double click on the download file and follow the prompts to install the program.)


Step 3. After the installation, run SpyHunter and click the “Malware Scan” button to run a full or quick scan of your computer.

Step 4. Tick “Select all” and press the “Remove” button to get rid of all the detected threats on your computer.


Note: Manual removal of files and registry entries is very effective for getting rid of the annoying Ramnit.A.42 threat. However, it requires skill and experience: any wrong operation, or even any deviation from the instructions during the manual removal, could result in irreparable system damage. To ensure complete deletion, it is recommended to download Best Virus Removal Tool SpyHunter here to help you automatically remove the virus from your computer.


Remove TrojanDropper:Win32/Waltrodock.A Virus – How to Get Rid of TrojanDropper:Win32/Waltrodock.A Permanently

Published May 5th, 2012 by Lisa

Is your computer infected with TrojanDropper:Win32/Waltrodock.A? This step-by-step guide can help you safely and quickly remove TrojanDropper:Win32/Waltrodock.A.

Analysis on TrojanDropper:Win32/Waltrodock.A

TrojanDropper:Win32/Waltrodock.A is a Trojan horse virus that sneaks onto computers through bundled downloads, removable drives or software exploitation, in secret and without your awareness or consent. When your PC is heavily infected with TrojanDropper:Win32/Waltrodock.A, it can add malicious files to the system and create start-up entries to cause chaos. As an identified security threat, TrojanDropper:Win32/Waltrodock.A connects to a remote server so that it can download and install additional files. Not only does MSE keep showing you that the virus is still inside your computer after you have tried many times to remove it, but the virus also enables cyber criminals to gain remote access to the compromised PC system. Worse still, TrojanDropper:Win32/Waltrodock.A can record your online work and steal personal information, mainly confidential data, for illegal activities. TrojanDropper:Win32/Waltrodock.A is a big threat to your PC, and it is necessary for you to terminate this bug quickly upon detection.
