Win32 Virus - How to Remove Win32 Virus Trojan Proxy

This Trojan program makes it possible for a remote malicious user to use the machine as a proxy-server.

A proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. So in simple terms, the Trojan-Proxy virus uses your computer as a host to sell to spammers. Ever wondered where all your internet bandwidth has gone?

The Trojan itself is a Windows PE EXE file written in Visual C++, packed using UPX. The file can be between 39KB - 53KB in size.

An example of a Trojan horse virus would be that a program you may have downloaded which you think is something simple like a screensaver program named "exotic-cars.scr" which seems to be a car desktop screensaver. When you install it, it instead unloads hidden programs, commands, scripts, or any number of commands with or without you knowing it is doing it in the background.

Trojan Horse programs can often be used to bypass security protection you have on your system which causes you system to be left without any protect and gives the hacker full access to your machine.

===> Win32 Virus Removal Tool (free download)

The Trojan creates a unique identifier, "Windows-Update-Service" to flag its presence in the system.

Once launched, the Trojan listens on a random TCP port to realize the proxy-server function. The number of the port chosen is randomly generated, and will be in the range 1025 - 5024. If it is not possible to listen on this port, a new attempt will be made, with the port number being regenerated.

The worm then establishes a connection to cb.im***itethinking.biz. If this is unsucessful, the attempt will be repeated at 15 minute intervals.

If the connection is successful, the number of the port which the Trojan is listening on will be encoded and transmitted to port 3878 on the server in encrypted form.

Once the remote malicious user receives this data, s/he will be able to use the victim machine as a proxy-server.

Removing a virus can be done manually, however you will need to understand how to edit the system registry and be able to troubleshoot various problems with your computer system. Viruses are persistent and removing one can take a considerable amount of time and knowledge of how an operating system works. You will also need to know how to edit registry to delete virus and stop it from reinstalling each time you connect to the internet.

Removal Instructions

1. Determine the name of the Trojan program by using regedit or another utility to edit the system registry. View the "Services" parameter in the [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] key; this parameter gives the full path to the malicious program.

2. Use Task Manager to terminate the process with the Trojan name.

3. Delete the original Trojan file.

4. Delete the following value from the system registry key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Services"=""

Win32 worms generally are set to run automatically when you start your computer or even register themselves to be run when any other application is started. Unfortunately, you can't just delete the worm file or your computer system might not be able to start your applications (such as Explorer) any more.

In order to effectively remove the worm from your computer system, it is often necessary to make additional changes to your system registry. Editing the system registry isn't easy. It can be done but can be difficult for those who aren't computer technicians.

There is an easier way to remove the Win32 worm which is a fully automatic, EASY and INTELLIGENT solution.

Try the multi award winning PC Tools Spyware Doctor with anti virus which is designed to remove Win32 worms effectively. Also you can EASILY eliminate any other viruses and malware from your system than doing the manual methods.

Antivirus Plus: The best antivirus and antispyware software

The best way to get complete protection from the most dangerous threats on the Internet - spyware, viruses, data theft and hackers - in a single, easy-to-use solution such as Anti-Virus Plus software.

AntiVirus provides real protection against security threats such as viruses, spyware, adware, worms, Trojans, key loggers, and rootkits.

In addition, AntiVirus monitors all traffic to and from your computer, so you'll always know what's happening and if your computer is being attacked. You'll easily be able to block hackers attempts to access your computer, and your personal information on the internet.

This particular type of malware tries to collect financial details from people - think bank account numbers and passwords, credit cards info, and so on - and so has the potential to cause quite a bit more damage than some viruses. An individual might lose his savings, not just have his computer slow down or die.

The Zeus trojan is a bit aggressive in that it spreads through social networks like Facebook, too, and not just through sites and email attachments. Zbot uses a wide variety of social engineering tricks to spread through a variety of methods, including spam email and web downloads. It created a large botnet that collects information about victim's credit card, banking and social network logins

Win32:Badtrans [Wrm]
Win32:Beagle [Wrm] (aka Bagle), variants A-Z, AA-AH
Win32:Blaster [Wrm] (aka Lovsan), variants A-I
Win32:BugBear [Wrm], including B-I variants
Win32:Ganda [Wrm]
Win32:Klez [Wrm], all variants (including variants of Win32:Elkern)
Win32:MiMail [Wrm], variants A, C, E, I-N, Q, S-V
Win32:Mydoom [Wrm] (variants A, B, D, F-N - including the trojan horse)
Win32:Nachi [Wrm] (aka Welchia, variants A-L)
Win32:NetSky [Wrm] (aka Moodown, variants A-Z, AA-AD)
Win32:Nimda [Wrm]
Win32:Opas [Wrm] (aka Opasoft, Opaserv)
Win32:Parite (aka Pinfi), variants A-C
Win32:Sasser [Wrm] (variants A-G)
Win32:Scold [Wrm]
Win32:Sinowal [Trj] - variants AA, AB
Win32:Sircam [Wrm]
Win32:Sober [Wrm], variants A-I, J-K
Win32:Sobig [Wrm], including variants B-F
Win32:Swen [Wrm], including UPX-packed variants
Win32:Tenga
Win32:Yaha [Wrm] (aka Lentin), all variants
Win32:Zafi [Wrm] (variants A-D)

* Backdoors
* General Trojans
* PSW Trojans
* Trojan Clickers
* Trojan Downloaders
* Trojan Droppers
* Trojan Proxies
* Trojan Spies
* Trojan Notifiers
* ArcBombs
* Rootkits