| Spyware.SpyBossPro removal process |
|
| Author:admin CopyFrom:web Hits: UpdateTime:2008-6-5 11:30:35 |
Begin of the article Spyware.SpyBossPro removal process
1.DownloadGoogle recommend safer browser Web browser, For more safe , Stay Secure on the Web and stay far away virus,Download URL http://www.oral8.net/firefox/firefox.htm
2. Temporarily Disable System Restore (Windows Me/XP).
3. Update the virus definitions. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all Spyware.SpyBossPro infected files and Delete/Modify any values added to the registry.
Navigate to the subkey and delete the valuesas following:
When the program is executed, it creates the following folders:
- %ProgramFiles%\SBP Demo\projects\temp
- %UserProfile%\Application Data\Microsoft\Installer
It then creates the following files:
- %UserProfile%\Desktop\SpyBoss Pro Demo.lnk
- %UserProfile%\Start Menu\Programs\Gear Box Computers Software\SpyBoss Pro Demo\Readme-Help.lnk
- %UserProfile%\Start Menu\Programs\Gear Box Computers Software\SpyBoss Pro Demo\SpyBoss Pro Demo.lnk
- %ProgramFiles%\SBP Demo\EventScheduler.mdb
- %ProgramFiles%\SBP Demo\Help.rtf
- %ProgramFiles%\SBP Demo\Localization.txt
- %ProgramFiles%\SBP Demo\Localization.xml
- %ProgramFiles%\SBP Demo\projects\[DATE] [TIME]\[DATE][TIME] SpyBoss Pro by Gear Box Computers.jpg
- %ProgramFiles%\SBP Demo\projects\[DATE] [TIME]\[DATE][TIME].htm
- %ProgramFiles%\SBP Demo\projects\[DATE] [TIME]\caplog[RANDOM NUMBERS].log
- %ProgramFiles%\SBP Demo\projects\temp.txt
- %ProgramFiles%\SBP Demo\riched32.dll
- %ProgramFiles%\SBP Demo\RunAtStartupTool.exe
- %ProgramFiles%\SBP Demo\SBPDemo.exe
- %ProgramFiles%\SBP Demo\vbalflbr6.dll
- %SystemRoot%\TEMP\SpyBossProDemo.msi
- %Windìr%\Installer\[RANDOM NUMBERS].msi
- %System%\actskn43.ocx
- %System%\dijpg.dll
- %System%\ijl11.dll
- %System%\Memman.vxd
- %System%\skinboxer43.dll
Next, it creates the following registry subkeys:
- HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SpyBoss Pro
- HKEY_LOCAL_MACHINE\SOFTWARE\Gear Box Computers
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4DA00B90-DFBC-4718-AD53-BD8570394D71}
It then creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"MSRegScan" = "C:\Program Files\SBP Demo\SBPDemo.exe"
The program may then perform the following activities on the computer:
- Records all keystrokes
- Logs all Web sites visited by the user
- Takes screen shots at regular intervals
- Encrypts and sends all of the saved logs to a predefined email address
- Performs all of the above activities in stealth mode
5. Exit registry editor .
6.delete the IE temp files or you may download ATF temp files cleaner to run a full cleaning.and restart the computer.
8. Now you may remove Spyware.SpyBossPro successfully.
|
| howtoremoveInputer:admin Editor:admin |
| End Of The Article how to remove Spyware.SpyBossPro |
|
Back 个howtoremove:Trojan SHeur.BMLE
Next 个howtoremove: Spyware.TupInsight |
