Trojan.Downloader

From Wiki-Security, the free encyclopedia of computer security

Trojan.Downloader Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<
Notice:






SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:


If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

Trojan.Downloader is an application that will download and install other Trojans onto your computer. Trojan.Downloader can connect to the Internet to transmit information via HTTP. After installation, Trojan.Downloader will download and install other malicious adware, Trojans, and viruses onto your computer without your knowledge or consent. Trojan.Downloader malware can log your typed keystrokes and send confidential personal and financial data (including banking information, credit card numbers, and website passwords) to a remote hacker. Trojan.Downloader parasite is highly dangerous, can download and execute other malicious programs, and opens a huge security hole on your computer.

To check your computer for Trojan.Downloader, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Trojan.Downloader and other threats. If you detect the presence of Trojan.Downloader on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Trojan.Downloader.

Contents

Detection of Trojan.Downloader (Recommended)

Trojan.Downloader is difficult to detect and remove. Trojan.Downloader is not likely to be removed through a convenient "uninstall" feature. Trojan.Downloader, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Trojan.Downloader and other spyware, adware, trojans and viruses on your computer.

Run a Trojan.Downloader scan/check to successfully detect all Trojan.Downloader files with the SpyHunter Spyware Detection Tool. If you wish to remove Trojan.Downloader, you can either purchase the SpyHunter spyware removal tool to remove Trojan.Downloader or follow the Trojan.Downloader manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Trojan.Downloader. Trojan.Downloader can come bundled with shareware or other downloadable software.

Another method of distributing Trojan.Downloader involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Trojan.Downloader on your system. Trojan.Downloader installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Trojan.Downloader, use this SpyHunter Spyware dectection tool to detect Trojan.Downloader and other common Spyware infections. After detection of Trojan.Downloader, the next advised step is to remove Trojan.Downloader with the purchase of the SpyHunter Spyware removal tool.

Symptoms

Trojan.Downloader may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Trojan.Downloader from your computer.

Remedies and Prevention

Trojan.Downloader, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Trojan.Downloader along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Trojan.Downloader, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Trojan.Downloader and other types of spyware.

Remove Trojan.Downloader manually

Another method to remove Trojan.Downloader is to manually delete Trojan.Downloader files in your system. Detect and remove the following Trojan.Downloader files:

Processes

  • kl1.exe
  • ms1.exe
  • tool2.exe
  • tool4.exe
  • tool5.exe
  • toolbar.exe
  • kybrdff_7[1].exe
  • nwnmff_7[1].exe
  • pschdprf.exe
  • cic.exe
  • b122.exe
  • b124.exe
  • mc-0-0-0.exe
  • dmband.exe
  • laf1.exe
  • 1189461984[1].exe
  • CPpassword.exe
  • plite731.exe
  • kqdsrngj.exe
  • mljul1.exe
  • spoolc.exe
  • qiawpbjj.exe
  • mscorsvc.exe
  • Gwang.exe
  • ss245sd.exe
  • %SYSTEMROOT%\system32\qgc37cj0ecdj.exe

DLLs

  • kqvgxa.dll
  • khfgh.dll
  • movctrlswd.dll
  • qiawpbjj.dll
  • movctrlnkd.dll
  • vtstu.dll
  • blackbo.dll
  • nnnol.dll
  • urqpn.dll
  • ljjgffc.dll
  • mspoolg.dll
  • jkkjigf.dll

Other Files

  • pschdprf
  • cic
  • ms
  • KB_2874.tpk
  • msconfig
  • Update Checker
  • AntiVir
  • Windows Update
  • plite731
  • e4e87def
  • 6887f700
  • 0D-D4-40-0C-ZN
  • 3cc0d4a3
  • 78f2a073
  • 6ca52554
  • 1103768a
  • 847a8a58
  • 08a1bf1e
  • d45a08da
  • c8347858
  • fabcvwpo
  • vjnacnkj
  • 12ccff32
  • rktqjqvq
  • 02e224b4
  • 68eb62da
  • 0053c070
  • 2629165f
  • 7c970f2d
  • 90f32b67
  • dwhcdglq
  • 5424edb5
  • ff1482e11692
  • dumprep
  • 8c4187fe
  • ms0653405-14619
  • amb1avl
  • ss245sd

Registry Keys

  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\2C1CD3D7-86AC-4068-93BC-A02304B25319
  • SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DCOM Server 25319
  • 2C1CD3D7-86AC-4068-93BC-A02304B25319
  • 25A6ED23-77B4-4739-955A-8BB38613F9A8
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Windows Update
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\msconfig
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\icq lite
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Update Checker
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\AntiVir
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\Windows Update
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\msconfig
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\icq lite
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\Update Checker
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\AntiVir
  • 64DE95E5-0A25-4DD9-A472-97BC1D419101
  • 026B5895-3E8E-49A9-8EEE-B52A326DA962
  • 837113F0-319A-4A75-A5D3-0ADF4640EE77
  • 54a1e754-8661-49e0-842e-3be4a66475d9
  • EA5159DF-E413-4878-8AE2-D921D41BB942
  • 077F45D5-5CC9-4FC8-A7BB-9D79836A6066
  • 2A611133-1C57-4DFB-A05C-07EE3BFE6D34
  • 1E01446D-3DC7-4360-A0BF-1B6F557AE8B1
  • 77852FF1-628F-419C-9FF6-1E75B86CCEDC
  • c72f9d9a-c35b-41b4-9b07-4b845cbe4339
  • 0B210029-331D-4B01-8E80-015125B9B0FB
  • 699CCB54-DF3A-3CCC-D0C2-09D201ACF493
  • A4FC4DC5-43B0-4724-AF92-01D80504B849
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\olddejdj
  • 81e93f80-0bdd-4dad-a9f6-904db2800540
  • 90FDA46E-18F4-1828-DA2D-4FE6718F0AC3
  • 42e2623c-5f4b-4397-bc3b-f62abe7b733a
  • eb46466d-d14a-4f6f-86e7-243651edfdd9
  • 8e731b10-a375-4fcb-9052-643d77696a27
  • 65ec4079-7926-4f26-9f86-6bf983ebb4b3
  • 422e69af-0d45-4145-af18-cf0941891b3e
  • a3eefee9-3a79-460b-8530-97c0b7c5d27e
  • e8ae9c33-f9d7-43ff-bddf-0707f961c653
  • 7d46ba05-6242-439f-afbd-228479985812
  • 7aaebf8f-a508-446d-b170-a717815fc22b
  • a3586d0d-f567-4be8-9c0e-1573c075be00
  • d29e6cf6-5f82-4477-b9d3-1858df1cc1a8
  • 4d7e0139-fc71-4ad9-9abb-5da734cf883a
  • 3573A527-7FAF-BCA0-73ED-9D85A727520D
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ljjgffc
  • 27d923dd-c2e7-499d-a16c-0aa63c5a57e3
  • 73805ED7-23FC-4402-AFC3-42D549323872
  • 4d8aa267-8126-4e8d-b3e8-585832868c33
  • 61667fc3-0919-41a0-b9b8-4e5dfd23c8eb
  • 4cc6dae6-d167-4952-aa08-0918b630284e
  • 5db8c2ef-9ed0-4d24-ad9d-9a4951e3c61c
  • 49C50367-BA7D-4AE3-9C7E-030134CD7A73
  • a70ef39a-9451-4fea-bd19-f6aafe3634ff
  • 5ebf95b4-50ca-42f3-a00a-52b66b633757
  • 1c9651db-d1a5-4757-882b-b415136835ad
  • 8cb66675-8bbd-466c-a59d-577e4adcf62e
  • ae25e6f3-60cf-41ad-afa1-74f160215d7f
  • 2658503f-762e-4d3a-a8e9-5d73b7d9638d
  • 2d69ea1a-2a75-4b44-b0b0-77acf7ea91df
  • dbe2bbbe-1dd1-11b2-88c2-8a421bb88069
  • b3d7ce06-1dd1-11b2-b4cf-9f95ced31bff
  • 6ba3053c-1dd2-11b2-ae7d-96c6bd596e4d
  • DE10EC7E-9A2B-4E04-B38E-4BFF3D609394
  • f89a7e31-9f17-4564-8ea7-2acd8c0c37f7
  • 4511a124-01e0-4710-9975-bd4b62936594
  • 070b50f0-d08b-4c6f-812e-9578f4307561
  • f08f1b3c-dcc8-4529-892a-073019dca0a1
  • 0b4a20fb-2588-4c91-a57b-d2191eeaefb5
  • SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kopmet
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\faxccexd
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\yopketr
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\debgeecj
  • 566843F7-E0B5-4D9F-A083-717B0E140449
  • 5E8505A5-9458-442B-B58B-792A54A4A25C
  • 509cf0a3-0665-4311-82c0-8dafd46e5559
  • dcfb195a-8918-4d7c-aaf7-3421a84b0242
  • e848267d-a6da-4cad-b9e3-4fbdb4c8040d
  • 46f2653c-3030-42e5-8c94-fb62bddf4c5c
  • DABCE839-3831-3818-AF3A-47D47A738D32
  • 490e53f1-0c6c-4c1c-9b7d-2f7117e4b3c0
  • 4057003f-3d33-40bf-b34b-ec483cb2715e
  • ef1a6106-a462-49da-afc0-891db42202a6
  • 1e1b43d2-0b3f-436d-b16e-d0064551cda9
  • 7ea00ec9-de1a-4b26-ade6-4acfc8b40fe6
  • 3aa4deba-1206-48ae-ac8f-d59cba9fd3db
  • c16faf9b-efc6-41a7-ae73-2dbcc802a7bf
  • E2ADC5E5-8329-494E-BEBF-4C8B26EAF961
  • 7D6BD34C-52A3-4CC4-ADC3-A94F931018DA
  • a1a31273-44b8-4071-9868-f8a30edc2839
  • 6fe80bde-be8f-4547-85f5-a3df0e4ec66a
  • 5196c162-6c6d-48a5-9cc9-7c41d6d943c6
  • 43b0e45c-43c4-42cb-86d9-d3c2e6e92235
  • 4be816b5-2e1e-4f74-98dc-2d76d34c0efb
  • c84a43a3-89ac-4369-820c-3c23c827d29c
  • 9aa153ab-f39f-4699-bdd1-6fa3c936cac0
  • 70179780-cd93-4e70-a5e9-db62df4c398b
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\azlcfzce
  • 01882e74-9b04-431b-a235-2817018b28d6
  • 191bd78d-5a5c-4667-a8ac-566786e11a20
  • 38bca804-d16b-43b6-92c0-9b1e34350dce
  • eddfe414-341c-44d5-bcb1-e988877dcbc3
  • b58fb0c5-9383-4704-95b9-6b1f99bb5c07
  • e1d8af49-7537-474b-b3d0-111fefd430ff
  • 3FED8284-5ECC-6327-8189-0710C88E2013
  • ed3a343c-35cd-48dd-b1b5-0abfe96f6bc9
  • eaf0ddd0-0b4f-4c95-9706-cde3f9b2ed74
  • ccf4e543-bb30-432c-98f0-4d21ce7c7c8b
  • 89146c4c-1dd2-11b2-adad-c358645d6bb7
  • d09cb156-760b-4938-9468-d480fb571007
  • f3ff1d38-4fcd-4b80-8a5d-c273716238e9
  • 0eaf4179-5c06-4b4d-af44-4b02ac25aef6
  • 688d7b7f-cc73-4a68-ad8c-3ae2c9de1d19
  • 52134fce-4c2c-4458-aa18-211da5805626
  • 59403450-1dd2-11b2-98d9-e644dabcacca
  • 4e093368-a2f7-472f-bc6f-84ba78efcd83
  • 8f44c20b-e2c2-413f-bb54-8968540d9476
  • 6f3cb9ed-4728-40f2-80a0-a84bbddb361f
  • 48dbc621-6c51-4ef4-9647-9678858246f3
  • bb252373-e804-4560-afc9-158820b2cae3
  • 7DC3167A-D0FD-401C-A1B3-C58448F0CCCA
  • 90b58bb7-2fae-4293-91f1-5339526a355b
  • 13392b13-5f26-4ef5-820d-efaaaf1fb749
  • 12792359-f28c-4bf8-94f8-f37748308efb
  • 5750cfd7-e2fb-4444-beb7-f7a9582909f3
  • 795a0c3d-4ef0-4299-98a1-4d40dad1321e
  • 1201d665-e738-4369-ac42-003dd9144e2f
  • e8b1d56e-6c81-4310-b73b-c18c42d73f59
  • c2431551-17f0-4938-9012-bddeb6317ba2
  • 61f92c80-455d-445b-a8a9-8ef53df88ea6
  • f58b2722-ea38-41a4-a0a1-b772025e59e5
  • d6575335-5c45-44da-92f8-03002d3216ce
  • cb0ef10b-fc65-4e20-80ce-09c53091c90b
  • d7b03c8e-1dd1-11b2-acec-af11156266c3
  • 0599daa2-f350-4d0e-b5d9-1ff8e8e29430
  • 0068048F-386D-46D6-A212-EBC90F853F67
  • 9ecdbad4-4786-407e-abda-6f8e9ffb4005
  • 8e7ef0bb-ca5d-42ea-8e44-5003b527785c
  • f3e74aca-0917-45ac-b6b9-025643c5ad3e
  • 321dd63c-3a5f-42be-a702-0ed8c7b9a0ea
  • c7389e12-4262-4ec3-9b2a-e19212f3977a
  • 5FFA5996-C950-1073-C115-B4C6355BB12D
  • 8C4586DC-DB58-4B44-8AAB-72CF1EFEA458
  • a54a2d4e-9056-4503-9f1f-fce9b72e814a
  • 1BA51A75-AE89-E063-3687-7AF6302BED3F
  • 1FCA4D55-F109-2968-990B-6B9A02FFFD1F
  • 060fad21-0e2c-4eb7-9b6a-f0f3196bfa47
  • 6fcb5896-3d92-4500-a6b8-2c59e91389fa
  • 6b45b3d0-a80a-437d-9c76-5480c682d1f2
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ercncdfl
  • 9808ba7d-2638-44e4-9610-9712efc469b4
  • 1516CAC1-5224-0AAF-0216-5E00BBCD8CCF
  • 0d1f1703-3863-4b91-9200-6e0ad3dc6f8f
  • 13586fd0-d889-4c0a-8efd-65dc2da92cf0
  • 70d1de45-4297-4331-8e41-8a1dfde53b0c
  • c4cd831b-a5e4-4763-a218-084c768dee0e
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gokmpqms
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bbdefaadbffd
  • c2680e10-1655-4a0e-87f8-4259325a84b7
  • e9306072-417e-43e3-81d5-369490beef7c
  • bb85f221-f230-420e-943b-6d05d59d2557
  • 87be23cd-03f6-40ec-8e04-8763b02d24e1
  • f15def2c-9d79-4527-97eb-0249dda2b0d9
  • f9da900f-ea15-4c3f-9330-185a166f2a3e
  • 9b77af5e-8873-4714-8cb5-3b9fc5f08d3c
  • cd4576e2-1dd1-11b2-9019-b8cadbbbf98a
  • ca05f27f-7744-41e5-99f6-3f5b64a313b8
  • f95ce9c5-6a71-4a6d-ad27-238b5ec28b7d
  • 6f881c21-308a-4542-96e3-622c66be1b3b
  • de6a503f-d346-4564-949a-9df8d20ad8d3
  • b1697b83-5da4-48c3-9051-aa23f450a4ae
  • 31468400-8f1b-4c37-a29e-05a147c84bdf
  • 529a7a53-3299-4bd0-bb59-df74cc290202
  • e903bf51-9028-452d-88e5-de69ae14a026
  • 4c162e7b-e5fc-4713-9034-be64a70a5c46
  • 3FD348FA-3E39-43E1-B758-0834CA9FB646
  • 64463810-1dd2-11b2-b516-d12a2a9349d5
  • DABFC839-F831-3D1A-A33A-A7D4BA7C8D3D

External links

PC Infected

If your computer is running slow, or making excessive popups, you may be infected with Spyware.

Click here to Download SpyHunter's Spyware detection tool.Click here



Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Trojan.Downloader or its creators in any way. This website does not advocate the actions or behavior of Trojan.Downloader and its creators. Our objective is to provide Internet users with the know-how to detect and remove Trojan.Downloader and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Trojan.Downloader in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views
Navigation