Backdoor.Win32.Clampi.a Removal Procedures


Backdoor.Win32.Clampi.a is a Trojan program created to steal confidential user data and distantly manage the victim's computer.

Backdoor.Win32.Clampi.a is a Windows PE EXE file. The size of Backdoor.Win32.Clampi.a is 470 bytes. Backdoor.Win32.Clampi.a downloads various codes from servers. These codes can be changed or replaced with other malicious codes. It is about 470 bytes in size.
When launched, the Trojan creates the following file:
%AppData%\<name>.exe
<name> is chosen at random from the list below:
dumpreport
msiexeca
svchosts
upnpsvc
service
taskmon
rundll
helper
event
logon
sound
lsas

Trojan adds a link to its executable file in the system registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“<name2>” = %AppData%\<name>.exe

<name2> is chosen at random from the list below:
CrashDump
svchosts
EventLog
TaskMon
Windows
RunDll
System
Setup
Sound
lsass
UPNP
Init

How to remove?
Step 1 : Use Windows Task Manager to Remove Backdoor.Win32.Clampi.a Processes
Remove the "Backdoor.Win32.Clampi.a " processes files:
%AppData%\<name>.exe
Step 2 : Use Registry Editor to Remove Backdoor.Win32.Clampi.a Registry Values
Locate and delete "Backdoor.Win32.Clampi.a " registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"PID
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"KeyE"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"KeyM"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"GID"
"<name2>" = %AppData%\<name>.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

Step 3 : Detect and Delete Other Backdoor.Win32.Clampi.a Files using "Find" on your Windows Eplorer
Remove the "Backdoor.Win32.Clampi.a " processes files:
%AppData%\<name>.exe
That's all, I hope will be usefull for you...
Please say thanks to viruslist and spywareremove

No comments:

Post a Comment