Toxbot
Title: Toxbot
Also Known as: W32.Toxbot
Toxbot is a backdoor Trojan. It opens a channel through IRC for the attacker to access the infected computer. Once the computer is infected, the attacker has access to everything on it, including e-mail, passwords, personal information, and files.
Threat: Toxbot
Alias: W32.Toxbot
Related Files: TrkWksrv.exe, dxdllsvc.exe, ciclient.exe, dhcpclient.exe
Random file names 8 characters long
Removal
Due to the random file names, a spyware scan must be completed before attempting to remove Toxbot manually.
Manual Removal Instructions:
1. Run an anti-spyware program.
2. Delete all infected files.
3. Delete the following registry values:
   a. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\[RANDOM FILE NAME]
   b. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\[RANDOM FILE NAME]
4. Delete the following registry keys:
   a. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_[RANDOM FILE NAME]
   b. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\[RANDOM FILE NAME]
   c. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DHCP Client
   d. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DHCP Client
   e. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP_CLIENT
   f. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP Client
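A read-only check of the registry locations in steps 3 and 4, useful before deleting anything and again afterwards to confirm the cleanup. This is an added example, not part of the original write-up; the function name Get-ToxbotRegistryTrace and the sample name 'abcdefgh' are hypothetical, and the random name must come from your own scan report.

```powershell
# Added example: lists which of the page's registry locations exist. Deletes nothing.
function Get-ToxbotRegistryTrace {   # hypothetical helper name
    param(
        # Random 8-character name(s) reported by the scanner (supplied by the analyst)
        [string[]]$RandomName = @()
    )
    $ccs = 'HKLM:\SYSTEM\CurrentControlSet'

    # Fixed locations from step 4 (c-f)
    $targets = @(
        "$ccs\Control\SafeBoot\Minimal\DHCP Client",
        "$ccs\Control\SafeBoot\Network\DHCP Client",
        "$ccs\Enum\Root\LEGACY_DHCP_CLIENT",
        "$ccs\Services\DHCP Client"
    )
    # Per-name locations from step 3 (a-b) and step 4 (a-b)
    foreach ($n in $RandomName) {
        $targets += "$ccs\Control\SafeBoot\Minimal\$n"
        $targets += "$ccs\Control\SafeBoot\Network\$n"
        $targets += "$ccs\Enum\Root\LEGACY_$n"
        $targets += "$ccs\Services\$n"
    }

    foreach ($path in $targets) {
        $parent = Split-Path -Path $path -Parent
        $leaf   = Split-Path -Path $path -Leaf
        $found  = 'Absent'
        if (Test-Path -LiteralPath $path) {
            $found = 'Key'
        } elseif (Test-Path -LiteralPath $parent) {
            # Step 3 calls the SafeBoot entries values, so also look for a value with that name
            $key = Get-Item -LiteralPath $parent -ErrorAction SilentlyContinue
            if ($key -and ($key.GetValueNames() -contains $leaf)) { $found = 'Value' }
        }
        # For a service key, report the binary it points to so the file can be located
        $image = $null
        if ($found -eq 'Key' -and $parent -like '*\Services') {
            $image = (Get-ItemProperty -LiteralPath $path -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        }
        [pscustomobject]@{ Path = $path; Found = $found; ImagePath = $image }
    }
}

# 'abcdefgh' is a constructed placeholder; replace it with the name from the scan report
Get-ToxbotRegistryTrace -RandomName 'abcdefgh' | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. The genuine Windows DHCP client service is registered under the key name Dhcp, so a Services key literally named "DHCP Client" is not the operating system's own entry.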
Software Removal Instructions:
Using anti-spyware software is the only way to guarantee removal. Not all anti-spyware programs are the same. SpyZooka is the only one with a 100% removal guarantee and a 60-day money-back guarantee.