Trojan Obvod is a malware which is designed to misguide people. It is very dangerous for your computer and you should remove it instantly. Trojan Obvod will sell your personal information like username password or credit card number to other malwares. It will also open your computer for many other malicious programs so you should remove it without giving a second thought. As manual removal process is difficult and even more difficult for those who have little knowledge about computers, this article will help you if you want to remove it manually. This article contains all the detailed steps which are necessary in order to remove Trojan Obvod effectively along with the process and file names that are used by the malware.

Remove Trojan Obvod Processes

  1. You will need to open the windows task manager so you can stop Trojan Obvod from working.
  2. Press the keys CTRL + Shift + ESC at a time to directly open the Windows task manger.
  3. Click on the tab called ‘processes’ among the many other tabs in the windows task manager.
  4. There will be four columns find the Trojan Obvod processes the column name called ‘image name’.
  5. The Trojan Obvod processes are:

%UserProfile%\Application Data\[RANDOM CHARACTERS].exe

%Windir%\Tasks\[1-48].job

%UserProfile%\Cookies\*ad*.txt

%UserProfile%\Application Data\Macromedia\Flash Player\*

  1. Click on the found processes and then click on the button ‘End processes’ which is at the end of the Windows task manger window.

Remove Trojan Obvod Registry key values

  1. To open the registry editor click on Start then click on the option Run.
  2. Write down regedit and click Ok.
  3. In the left section of the registry editor you will see a file menu with an option called Edit click on it.
  4. Now click on Find and type the Trojan Obvod registry values.
  5. Right click on the registry values and press Delete.

The Trojan Obvod registry values are:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\[random]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\[random]

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\[random]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svflooje\Enum\[random]

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′

Remove Trojan Obvod other files

  1. Go to start and click on ‘All programs’.
  2. Now click on the ‘Accessories’ and then on ‘command prompt’.
  3. When the command prompt opens write down the name of the Trojan Obvod with directory name.
  4. If you do not know the directory of the file; use the command ‘dir’.
  5. When the file is opened type “regsvr32 /u SampleName.exe” and replace SampleName.exe with the following name:

%UserProfile%\[random].exe

%ProgramFiles%\Internet Explorer\Connection Wizard\[random]

%Windir%\Microsoft.NET\Framework\[random].exe

%System%\[random].exe

%Temp%\[random].bat

Remove Trojan Obvod DLL Files

Open the command prompt using the above mentioned method and replace SampleName.exe with the following files:

qqgmd.dll

hogra.dll

cryptnet32.dll

AudioEng32.dll

api-ms-win-core-misc-l1-1-032.dll

avifil3232.dll

6to4ex.dll

8hhs04Pm.dll

Iasex.dll

NTINl3.dll

memogusu.dll

msii.dll

e76c33fc.dll

lalsmsD.dll

lerfmilm.dll

lsdra09.dll

questbrwsearch.dll

atiumdag32.dll

vcdexx.dll

ooleres.dll

mswmdmm.dll

lqamfocrysnfh.dll

6678c8c9-dced-27a4-4990-a61210bbaac3.dll

4c3bfad2.dll

wupps2.dll

dimsntfyy.dll

FastUserSwitchingCompatibilityex.dll

yc72125.dll

xpPathCmds.dll

wiapw40.dll

tmp3.dll

orayjcdlcuhn.dll

oltrdvc.dll

KBDAPG2.dll

GoogleToolbars1.dll

api-ms-win-core-file-l1-1-032.dll

Ati2evxx32.dll

browsewan.dll

b778.dll

AUDIOKSE32.dll

epcorda.dll

apcantar.dll

ubohjssf.dll

ntrasruntime.dll

mspmsnsv.dll

wuden1n.dll

qbjdngffd.dll

Nwsapagentex.dll

MVCoCNCS.dll

ltie.dll

konvrasy.dll

gggg7.dll

FastUv32.dll

appmgmts.dll

6to4v32.dll

lmsxsltsso.dll

dskclean.dll

AdobeMngPlug.dll

wpxutuie.dll

tmscfca.dll

qefsjas.dll

nep326.dll

mcash40.dll

kyojah.dll

ibebenuwiqin.dll

gpkcsp32.dll

fontsub32.dll

fdWSD32.dll

deskmon32.dll

d3dim32.dll

usp10.dll

Omahonafazeq.dll

aaclient32.dll

WLCtrl32.dll

apsaps.dll

 

How to remove Trojan Obvod?
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>