Thursday, October 4, 2012

Know How: How to Spot and Delete Trojan:Win32/Medfos.B Completely?

Trojan:Win32/Medfos.B is a member of the Win32/Medfos family, which redirects the web browsers Internet Explorer, Mozilla Firefox and Google Chrome to other sites.

Here we will give you some details on what Trojan:Win32/Medfos.B does in Internet Explorer, Mozilla Firefox and Google Chrome respectively. After that you'll find a way out, or you can simply ask for real-time help from Tee Support experts, available 24/7, if you are a computer novice.

A: Internet Explorer

There are several pay-per-click advertising websites that you'll be redirected to when you enter a website address or search query in Internet Explorer:
  1. googleppcfeed.com
  2. highfeedstream.com
  3. livefeedstream.com
  4. marketingppcfeed.com
  5. payviaclick.com
  6. ppcstream.com
  7. theppcfeed.com
For a successful redirection, the Trojan uses one of the following uniform resource identifiers (URIs):

  1. <destination domain>/feed?type=live&ua=MSIE
  2. <destination domain>/feed?type=<website search>&ua=MSIE

B: Mozilla Firefox 

When you enter a website address or search query in Mozilla Firefox, the Trojan redirects you to the same pay-per-click advertising websites as with Internet Explorer listed above.

The Trojan installs a Mozilla Firefox extension at %LOCALAPPDATA%\(random CLSID)\chrome\content\browser.xul. You can notice its existence when you see "Translate This! 2.0" in the add-ons list, as shown below:

For a successful redirection, the Trojan uses the following uniform resource identifier (URI):

<destination domain>/feed.php?type={type}&ua=Firefox&ip={random IP}&ref={website search}&uu={data}

C: Google Chrome

When you try to go to or search in AOL, Ask, Bing, Google or Yahoo with Google Chrome, you'll be redirected to:
  1. chrome-bulletin.com
  2. disable-instant-search.com/js/
  3. thechromeweb.com
Trojan:Win32/Medfos.B drops the file "chromeupdate.crx", a Google Chrome browser extension package containing "manager.js", into the %LOCALAPPDATA% folder, where it disguises itself as a legitimate Chrome extension. You can simply notice its existence when you see "ChromeUpdateManager 1.0" in the extensions list, as shown below:
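As an added defender-side example (not code from the original post), the following Python flags requests in a proxy log that match the redirect domains and URI shapes described in sections A, B and C above; the three-field log format and the sample lines are constructed for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Destination domains named on the page: pay-per-click feeds (IE/Firefox) and Chrome.
MEDFOS_PPC_DOMAINS = {
    "googleppcfeed.com", "highfeedstream.com", "livefeedstream.com",
    "marketingppcfeed.com", "payviaclick.com", "ppcstream.com", "theppcfeed.com",
}
MEDFOS_CHROME_DOMAINS = {"chrome-bulletin.com", "disable-instant-search.com", "thechromeweb.com"}
# Query keys of the Firefox beacon: /feed.php?type=..&ua=Firefox&ip=..&ref=..&uu=..
FIREFOX_PARAMS = {"type", "ua", "ip", "ref", "uu"}


def classify_url(url):
    """Return a verdict label for a requested URL, or None when nothing matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().removeprefix("www.")
    qs = parse_qs(parts.query)
    ua = qs.get("ua", [""])[0]
    # Check the URI shape first: the domains rotate, but the beacon layout is stable.
    ie_shape = parts.path == "/feed" and ua == "MSIE" and "type" in qs
    ff_shape = parts.path == "/feed.php" and ua == "Firefox" and FIREFOX_PARAMS.issubset(qs)
    if host in MEDFOS_CHROME_DOMAINS:
        return "medfos-chrome-redirect"
    if host in MEDFOS_PPC_DOMAINS:
        if ie_shape:
            return "medfos-ie-redirect"
        if ff_shape:
            return "medfos-firefox-redirect"
        return "medfos-ppc-domain"      # known domain, unexpected path
    if ie_shape or ff_shape:
        return "medfos-like-pattern"    # unknown domain, same beacon shape
    return None


def scan_proxy_log(lines):
    """Return (client, url, verdict) for every matching line of a 'client method url' log."""
    hits = []
    for line in lines:
        fields = line.split()           # constructed three-field log format
        verdict = classify_url(fields[2]) if len(fields) >= 3 else None
        if verdict is not None:
            hits.append((fields[0], fields[2], verdict))
    return hits


# Constructed sample log; client and beacon addresses use the TEST-NET range.
SAMPLE_LOG = [
    "192.0.2.10 GET http://ppcstream.com/feed?type=live&ua=MSIE",
    "192.0.2.11 GET http://highfeedstream.com/feed.php?type=search&ua=Firefox&ip=192.0.2.99&ref=cheap+flights&uu=XYZ",
    "192.0.2.12 GET http://www.example.com/index.html",
    "192.0.2.13 GET http://disable-instant-search.com/js/",
]
```

A hit on "medfos-like-pattern" is the one worth triaging by hand, since it means the beacon shape appeared on a domain not yet on the list.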
From the above, it can be seen that this is a devious Trojan: because it disguises itself as legitimate software, no antivirus program is able to tackle it. Please resort to the manual removal steps provided below, or start a live chat with Tee Support agents, online 24/7, for more detailed instructions.

What Is Trojan:Win32/Medfos.B?

Trojan:Win32/Medfos.B is detected by antivirus programs as a surreptitious Trojan that targets compromised computers. Trojan:Win32/Medfos.B is no exception in exhibiting the typical behaviors:
  1. Does everything it can to slow down your system
  2. Fills up hard disk space with unwanted malicious items and consumes a lot of CPU time and memory
  3. Installs additional malware, fake anti-spyware, freeware, etc.
  4. Deletes many system files and other important resources
  5. Transmits crucial user data to a remote server
The most evil behavior is to allow a remote hacker to take control of your machine and steal personal information for illegal, money-oriented purposes. You may get it by:
  • Opening spam email attachments
  • Downloading media
  • Surfing social networks
  • Getting other threats onto the system beforehand

In such cases, you should be very careful when you go online, and please make sure that you have your latest updated antivirus program on guard. However, once you are infected with the Trojan, the manual removal approach is the best option so far; please start by following the steps below, or you are welcome to contact Tee Support experts, online 24/7/365, for professional help.

How Do I Delete Trojan:Win32/Medfos.B?

Step 1: Restart your system and boot into Safe Mode with Networking. As the computer is booting, but before Windows launches, tap the F8 key repeatedly, which should bring up the "Windows Advanced Options Menu" as shown below. Use the arrow keys to highlight the "Safe Mode with Networking" option and press Enter.

Step 2: Stop the process listed below. Press CTRL+ALT+DEL to open Task Manager, then end the process:

random.exe

Step 3: Open the Registry Editor and delete all related entries listed below. Click the "Start" menu, choose "Run", type "regedit" and click "OK".

Related registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trojan:Win32/Medfos.B
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\[random numbers]
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*

Step 4: Delete the related files and folders listed below:

%AllUsersProfile%\{random}
C:\WINDOWS\System64/32\svchost.exe
%AllUsersProfile%\Application Data\.dll
%AllUsersProfile%\Application Data\.exe

Video on How to Deal with Processes and Registries

Please note: since it can be extremely difficult to delete Trojan:Win32/Medfos.B manually, inexperienced Windows users with little knowledge of malware removal should seek professional help from Tee Support experts, available 24/7.
