What Are Teller Windows?
Trojan-Downloader.Win32.Deskbar.a is a Trojan virus. After the virus runs, it will release the virus file to% Windir%, connect to the network, download the virus file to run locally, add the registry startup items to achieve after booting The purpose of running the virus. Use BHO object to customize IE, change homepage and default search engine, monitor IE behavior, etc.
Trojan-Downloader.Win32.Deskbar.a
- This entry lacks an overview map . Supplementing related content makes the entry more complete and can be upgraded quickly. Come on!
- Trojan-Downloader.Win32.Deskbar.a is a Trojan virus. After the virus runs, it will release the virus file to% Windir%, connect to the network, download the virus file to run locally, add the registry
- Virus name: Trojan-Downloader.Win32.Deskbar.a
- File MD5: C78AF6ADA588A283BF73FC02FF03FF42
- Disclosure: Fully public
- Hazard Level: Medium
- Infected system: Win9X or higher
- Development Tools: Microsoft Visual Basic 5.0 / 6.0
- Named comparison: destroyer [Trojan.Downloader.12194]
- 1.Release the following copies and documents
- % Program Files% \ Deskbar \ Cache
- % Program Files% \ Deskbar \ deskbar.dll
- % Program Files% \ Deskbar \ deskbar.inf
- % Program Files% \ Deskbar \ deskbar.crc
- % Program Files% \ Deskbar \ inst.bat
- % Program Files% \ Deskbar \ basis.xml
- % Program Files% \ Deskbar \ about.html
- % Windir% \ teller2.chk
- % Windir% \ keyboard1.dat
- C: \ kybrdff_13.exe Trojan-Downloader.Win32.VB.alg
- C: \ dfndrff_13.exe Trojan-Clicker.Win32.VB.ly
- C: \ deskbar.exe
- 2.New
- 1.Use the Antiy Trojan defense line to completely remove the virus (recommended)
- 2. Manually delete, delete the corresponding file according to the behavior analysis, and restore the related system settings.
- (1) Use Antiy Trojan Defense Line "Process Management" to close the virus process
- dfndrff_13.exe
- kybrdff_13.exe
- explorer.exe
- (2) Delete the virus file
- % Program Files% \ Deskbar \ *. *
- C: \ kybrdff_13.exe
- C: \ dfndrff_13.exe
- C: \ deskbar.exe
- % Windir% \ teller2.chk
- % Windir% \ keyboard1.dat
- (3) Restore the registry entries modified by the virus and delete the registry entries added by the virus
- HKLM \ Software \ Microsoft \ Windows \ CurrentVersion
- \ Explorer \ Browser Helper Objects
- DeskbarBHODeskbarDeskbar% program files% \ deskbar
- \ deskbar.dll
- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows
- \ CurrentVersion \ Run \ defender
- Key: String: "c: \\ dfndrff_13.exe"
- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows
- \ CurrentVersion \ Run \ keyboard
- Key: String: "c: \\ kybrdff_13.exe"
- HKEY_CURRENT_USER \ Software \ DBTB00001 \ Deskba
- r \ firstURL
- Key: String: http: //deskbar.*****dtostart.com
- /installed.asp
- HKEY_CURRENT_USER \ Software \ Microsoft \ InternetExplore
- r \ Main \ Default_Search_URL
- Key-value: String: "http: //sear****r.findthewebsiteyouneed.com"