This threat is a Trojan horse that is classed as backdoor malware. It can be installed on your PC when you open an attachment received by email from an unknown sender, or click a link while browsing the internet. Once installed, it changes your browser settings so that every time you search or open a page, you are redirected to fake websites where you are asked to buy various products. It enters your system as a backdoor application that provides a way in for other threats, which can cause severe damage to your computer. Once it is detected on your computer, you need to get rid of this dangerous Trojan horse as quickly as possible. This malicious application can record your browsing activity and keystrokes and transfer that data to its developers.


Manual Removal

This Trojan can be removed in two ways: with an automatic removal tool, or with the manual removal method. Keep in mind that the manual method depends on your ability to locate and delete the associated files and registry entries. The steps of the manual removal process follow.


Reboot Your Computer in Safe Mode

First, restart your computer and press the F8 key; when the boot options screen appears, select the Safe Mode option. When you press the Enter key, your computer will start in safe mode.

End the Processes

Once your computer is running in safe mode, press Ctrl+Alt+Delete to start Task Manager. In Task Manager, open the Processes tab and identify the malicious processes related to this Trojan. After identifying them, end each process one by one by pressing the End Process button.

Delete Files and Folders

After ending the malicious processes, open the file explorer and look for the following suspicious files that are associated with this Trojan:

  • %AllUsersProfile%\Application Data\~
  • %AllUsersProfile%\Application Data\~r
  • %AllUsersProfile%\Application Data\.dll
  • %AllUsersProfile%\Application Data\.exe
  • %AllUsersProfile%\Application Data\
  • %AllUsersProfile%\Application Data\.exe
  • %UserProfile%\Desktop\
  • %UserProfile%\Start Menu\Programs\\
  • %UserProfile%\Start Menu\Programs\\Uninstall
  • %UserProfile%\StartMenu\Programs\\


After locating these files, remove them as soon as possible.

Clean the Windows Registry

Once you have got rid of the malicious files related to this Trojan, open the registry editor and clean the registry without any further delay. To open the registry editor, execute "RegEdit.exe" through Run from the Start menu. Once the registry editor has started, find and delete the following malicious entries:


  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

After deleting each of the entries listed above, close the registry editor and restart the computer.
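
A read-only way to check the registry values listed above before changing anything, as an added PowerShell example that is not part of the original article; the helper name `Get-RegValue` and the variable names are hypothetical. Because the names of the two Run entries are missing from the list, it prints every per-user Run entry for manual review instead.

```powershell
# Added example: read-only check of the registry values listed in this article.
# Paths, value names and data are copied from the list above; nothing is modified.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$ie = 'Software\Microsoft\Internet Explorer'
$indicators = @(
    @{ Path = "HKCU:\$cv\Internet Settings";      Name = 'CertificateRevocation'; Bad = '0' }
    @{ Path = "HKCU:\$cv\Internet Settings";      Name = 'WarnonBadCertRecving';  Bad = '0' }
    @{ Path = "HKCU:\$cv\Policies\ActiveDesktop"; Name = 'NoChangingWallPaper';   Bad = '1' }
    @{ Path = "HKCU:\$cv\Policies\Associations";  Name = 'LowRiskFileTypes';      Bad = $null }
    @{ Path = "HKCU:\$cv\Policies\Attachments";   Name = 'SaveZoneInformation';   Bad = '1' }
    @{ Path = "HKCU:\$cv\Policies\System";        Name = 'DisableTaskMgr';        Bad = '1' }
    @{ Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"; Name = 'DisableTaskMgr'; Bad = '1' }
    @{ Path = "HKCU:\$ie\Download";               Name = 'CheckExeSignatures';    Bad = 'no' }
    @{ Path = "HKCU:\$ie\Main";                   Name = 'Use FormSuggest';       Bad = 'yes' }
    @{ Path = "HKCU:\$cv\Explorer\Advanced";      Name = 'Hidden';                Bad = '0' }
    @{ Path = "HKCU:\$cv\Explorer\Advanced";      Name = 'ShowSuperHidden';       Bad = '0' }
)

function Get-RegValue($Path, $Name) {
    # Returns the value data, or nothing when the key or value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = foreach ($i in $indicators) {
    $value = Get-RegValue $i.Path $i.Name
    if ($null -eq $value) { continue }
    # Bad = $null means "report whenever the value exists"
    if ($null -eq $i.Bad -or "$value" -eq $i.Bad) {
        [pscustomobject]@{ Key = $i.Path; Name = $i.Name; Value = $value }
    }
}

# The two Run entries in the list have no usable names, so show all per-user autoruns
$runKey = "HKCU:\$cv\Run"
$run = Get-Item -Path $runKey -ErrorAction SilentlyContinue
$autoruns = if ($run) {
    foreach ($n in $run.GetValueNames()) {
        [pscustomobject]@{ Key = $runKey; Name = $n; Value = $run.GetValue($n) }
    }
}

"Settings matching the values listed in this article:"
$findings | Format-Table -AutoSize -Wrap
"Per-user autorun entries to review:"
$autoruns | Format-Table -AutoSize -Wrap
```

A match is a lead to review rather than proof of infection: `ShowSuperHidden` = 0, for example, is also the Windows default.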
