Monday, October 8, 2012

How to remove byshcdzyuhso.exe Ransom Trojan

byshcdzyuhso.exe is a serious trojan horse that runs under a random file name and is extremely dangerous for your computer. This guide is meant to give clear and up-to-date instructions for removing it from your system. Read this post carefully and carry out each recommended step.

Basic info:

  • Threat Level: 7/10
  • SHA256: 63d20df04f2f16e6e6621328cd7dffd287aed2fd69392ac0cf641b123d2eb69c
  • SHA1: 8fc59e5ab3a7abdce36dc1cf887d252f35d98043
  • MD5: e2569d952c0c48976c20758fd13e6155
  • File size: 94.5 KB ( 96768 bytes )
  • File name: byshcdzyuhso.exe
  • File type: Win32 EXE
  • Tags: peexe
  • Detection ratio: 9 / 42
  • Analysis date: 2012-09-12 14:47:01 UTC

Aliases:

  • AhnLab-V3 Trojan/Win32.Jorik
  • DrWeb Trojan.DownLoader6.53690
  • Emsisoft Trojan.Win32.Menti!IK
  • Ikarus Trojan.Win32.Menti
  • Kaspersky Trojan.Win32.Menti.omyj
  • Symantec Suspicious.Cloud.5
  • TrendMicro-HouseCall TROJ_GEN.F47V0912

Manual byshcdzyuhso.exe removal guide:

1. Boot into Debugging Mode. To get into the Windows Debugging Mode, press and hold the “F8” key as the computer is booting, which should bring up the “Windows Advanced Options Menu”. Use your arrow keys to move to “Debugging Mode” and press Enter.

2. Delete the files.
   2.1 Open the My Computer window. Enable the display of hidden and system files and folders.
   2.2 Navigate to the following folders and delete the files named ‘byshcdzyuhso.exe’:

3. Run the Windows RegEdit program to fix the registry entries. After you boot in Debugging Mode, press the ‘Start+R’ keys simultaneously and enter ‘regedit’.
   3.1 Delete the ‘AutoRun’ parameter in the ‘HKEY_CURRENT_USER\Software\Microsoft\Command Processor’ Windows Registry key. Once Regedit is running, navigate to ‘HKEY_CURRENT_USER\Software\Microsoft\Command Processor’, find the ‘AutoRun’ parameter on the right and delete it (right click -> Delete, or ‘Del’ on the keyboard).
   3.2 Change the value of the ‘Shell’ parameter in the ‘HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon’ Registry key to Explorer.exe.
   3.3 Delete the ‘DisableTaskMgr’ parameter in the ‘HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System’ Registry key.

4. Once you have completed the actions listed above, close Regedit and reboot in normal mode.
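A read-only check of the three registry values from step 3, plus a SHA256 comparison against the hash listed under “Basic info”. This is an added example, not part of the original guide. The `$SuspectPath` parameter and the `Get-RegValue` helper are hypothetical names introduced here, and `Get-FileHash` is assumed to be available (PowerShell 4.0 or later).

```powershell
# Added example: audits the values named in step 3 without changing anything.
# $SuspectPath is a hypothetical parameter; the guide does not list the folders.
param(
    [string]$SuspectPath   # optional: full path of a file to hash
)

# SHA256 from the "Basic info" list on this page.
$KnownSha256 = '63d20df04f2f16e6e6621328cd7dffd287aed2fd69392ac0cf641b123d2eb69c'

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Each check pairs a value with the state the guide restores it to.
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Command Processor'
       Name = 'AutoRun';        Clean = { param($v) $null -eq $v } },
    @{ Key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell';          Clean = { param($v) $v -ieq 'explorer.exe' } },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr'; Clean = { param($v) $null -eq $v } }
)

$results = foreach ($c in $checks) {
    $value = Get-RegValue -Key $c.Key -Name $c.Name
    [pscustomobject]@{
        Key    = $c.Key
        Name   = $c.Name
        Value  = if ($null -eq $value) { '<not set>' } else { $value }
        # REVIEW means the value differs from the state step 3 restores.
        Status = if (& $c.Clean $value) { 'OK' } else { 'REVIEW' }
    }
}
$results | Format-Table -AutoSize -Wrap

# Optional: compare one file against the hash published on this page.
if ($SuspectPath -and (Test-Path -LiteralPath $SuspectPath -PathType Leaf)) {
    $hash = (Get-FileHash -LiteralPath $SuspectPath -Algorithm SHA256).Hash
    if ($hash -ieq $KnownSha256) { "MATCH: $SuspectPath has the SHA256 listed on this page" }
    else { "No match: SHA256 of $SuspectPath is $hash" }
}
```

Running it before step 3 and again after the reboot in step 4 shows whether any of the three values has been set back.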

SOURCE: http://trojan-removal-guide.com/how-to-remove-byshcdzyuhso-exe-ransom-trojan/
