Monday, January 9, 2012

SpyEye Virus Removal

The SpyEye virus is a high-risk Trojan. Its main objective is to get onto a computer and steal the user's information and money.
It tracks various types of sensitive information, including banking information, debit/credit card information and the log-in details for money transfer websites that we provide while dealing with eCommerce sites online. It then sends this information to the Trojan's makers so that they can easily steal your money.
A computer infected with the SpyEye Trojan can be disinfected by following the appropriate steps. This article describes several techniques for removing the Trojan and making your computer clean and safe to use. Until all the steps in this article are finished, you are advised to avoid dealing on the internet.
1.     Prevent SpyEye from Loading
2.     Delete Associated Files
3.     Re-Setup Registry Settings
4.     Download Antivirus & Firewall Programs

Prevent SpyEye from Loading
The first essential step is to prevent the SpyEye Trojan from loading at computer startup. There are two ways to do this: use System Configuration or modify your registry.
For simplicity, use System Configuration as follows:
1.     Boot your machine in Safe Mode with Networking. To reach the Boot Options screen, restart the machine and press the F8 key repeatedly.
2.     Click Start, select Run.
3.     Type MsConfig and press ENTER.
4.     System Configuration will open. Click the Startup tab, deselect all items and click Apply.
5.     Click the Services tab, check Hide all Microsoft Services, deselect all remaining items and click Apply | OK.
6.     When you are done, simply restart your computer.

Delete Associated Files
Some files stored on your hard disk are associated with the SpyEye Trojan. Delete them to clean your computer.
1.     Click Start, then My Computer.
2.     Delete all of the items listed below:
a.     C: | Cleansweep.exe
Note: Although the name ends in .exe, it is not a file at all; it is a folder. It contains two malicious files, namely Cleansweep.exe and Config.bin.
b.    C: | Windows | System32 | wbem | Performance | WmiApRpl_new.ini
c.     C: | Program Files | Spy Eye | SAVE
d.    C: | Program Files | Spy Eye
e.     C: | Program Files | Spy Eye | vclass.exe
f.     C: | Program Files | Spy Eye | unins000.dat
g.    C: | Program Files | Spy Eye | keyproc.dll
h.     C: | Program Files | Spy Eye | vclass.hlp
i.      C: | Program Files | Spy Eye | unins000.exe
j.      C: | Program Files | Spy Eye | settings.dat
k.     C: | Documents and Settings | All Users | Start Menu | Programs | Spy Eye
l.      C: | Documents and Settings | All Users | Start Menu | Programs | Spy Eye | Spy Eye.lnk
m.   C: | Documents and Settings | All Users | Start Menu | Programs | Spy Eye | Uninstall Spy
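
An added example (not part of the original article): a read-only PowerShell inventory of the locations listed above, recording what exists and a SHA-256 hash of each file before anything is deleted. It assumes PowerShell 4.0 or later; the function name Get-SpyEyeArtifact is hypothetical, and the individual files under the Spy Eye folders are picked up by recursing into their parent folders.

```powershell
# Added example: inventory the paths listed in this article before deleting them.
# Read-only: nothing is removed. Paths come from the article; the truncated last
# entry and the individual Spy Eye files are covered by their parent folders.
$paths = @(
    'C:\Cleansweep.exe',
    'C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini',
    'C:\Program Files\Spy Eye',
    'C:\Documents and Settings\All Users\Start Menu\Programs\Spy Eye'
)

# Hypothetical helper name; emits one row per listed path and per file found.
function Get-SpyEyeArtifact {
    param([string[]]$Path)
    foreach ($p in $Path) {
        # -Force so hidden and system items are returned too
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if (-not $item) {
            [pscustomobject]@{ Path = $p; Type = 'absent'; Modified = $null; SHA256 = $null }
            continue
        }
        if ($item.PSIsContainer) {
            [pscustomobject]@{ Path = $item.FullName; Type = 'folder'; Modified = $item.LastWriteTime; SHA256 = $null }
            # Recurse: the article notes that C:\Cleansweep.exe is a folder holding two files
            $files = Get-ChildItem -LiteralPath $item.FullName -Recurse -Force -File -ErrorAction SilentlyContinue
        } else {
            $files = @($item)
        }
        foreach ($f in $files) {
            # Hash each file so there is a record of what was removed
            $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{ Path = $f.FullName; Type = 'file'; Modified = $f.LastWriteTime; SHA256 = $hash }
        }
    }
}

Get-SpyEyeArtifact -Path $paths | Format-Table -AutoSize -Wrap
```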

Re-Setup Registry Settings
The SpyEye Trojan modifies your Windows registry so that your computer becomes insecure and the transmission of sensitive data becomes easier. Reset the registry settings as described below.
1.     Click Start, select Run.
2.     Type RegEdit and press ENTER.
3.     The registry entries are listed below. After locating them, you may find that their values have been modified. Set the following values wherever the original value has been modified.
a.     HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> Zones -> 0 1409
b.    HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> Lockdown_Zones -> 1 1406
c.     HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> WarnOnIntranet=0
d.    HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> EnableHttp1_1=0
e.     HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> WarnonBadCertRecving=0
f.     HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> Zones -> 0 1609
g.    HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> ProxyHttp1.1=0
h.     HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> Zones -> 0 1406
i.      HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings -> WarnOnPostRedirect=0
4.     Click the Close button to exit Registry Editor.
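
An added example (not part of the original article): a read-only PowerShell audit that compares the entries listed above with the current registry. It reads "Zones -> 0 1409" as the value 1409 under the key Zones\0, which is an assumption about the article's notation; the function name Test-InternetSetting is hypothetical, and entries for which the article gives no target value are only reported for manual review.

```powershell
# Added example: read-only audit of the Internet Settings values named in this article.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Expected = the value the article gives; $null where the article names the entry
# but gives no target value. Reading "Zones -> 0 1409" as value 1409 under key
# Zones\0 is an assumption about the article's notation.
$checks = @(
    @{ Path = "$base\Zones\0";          Name = '1409';                 Expected = $null },
    @{ Path = "$base\Lockdown_Zones\1"; Name = '1406';                 Expected = $null },
    @{ Path = $base;                    Name = 'WarnOnIntranet';       Expected = 0 },
    @{ Path = $base;                    Name = 'EnableHttp1_1';        Expected = 0 },
    @{ Path = $base;                    Name = 'WarnonBadCertRecving'; Expected = 0 },
    @{ Path = "$base\Zones\0";          Name = '1609';                 Expected = $null },
    @{ Path = $base;                    Name = 'ProxyHttp1.1';         Expected = 0 },
    @{ Path = "$base\Zones\0";          Name = '1406';                 Expected = $null },
    @{ Path = $base;                    Name = 'WarnOnPostRedirect';   Expected = 0 }
)

# Hypothetical helper name; changes nothing, only reports.
function Test-InternetSetting {
    param([hashtable[]]$Check)
    foreach ($c in $Check) {
        $key = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
        # RegistryKey.GetValue returns $null when the value does not exist
        $current = if ($key) { $key.GetValue($c.Name) } else { $null }

        if ($null -eq $current)           { $status = 'not set' }
        elseif ($null -eq $c.Expected)    { $status = 'review' }
        elseif ($current -eq $c.Expected) { $status = 'ok' }
        else                              { $status = 'differs' }

        [pscustomobject]@{
            Key      = $c.Path -replace '^HKCU:\\', 'HKEY_CURRENT_USER\'
            Name     = $c.Name
            Current  = $current
            Expected = $c.Expected
            Status   = $status
        }
    }
}

Test-InternetSetting -Check $checks | Format-Table -AutoSize -Wrap
```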

Download Antivirus & Firewall Programs
Your computer may be at risk for several reasons: you may not have installed an antivirus, your antivirus may be outdated, or it may have failed to detect the Trojan.
The best way I can suggest to get rid of this issue is to download powerful antivirus and firewall programs. Before starting, you must remove your existing antivirus program and any third-party firewall protection. The steps are:
1.     Click Start | Control Panel | Programs | Uninstall a Program.
2.     Select your existing antivirus program and click Uninstall.
3.     Follow the wizard and restart the machine when it finishes.
4.     Repeat the same steps for your third-party firewall program.
5.     Download, install and run good antivirus and firewall programs.
6.     Be sure to check that automatic database updates are enabled.
