Toxbot

Toxbot is a backdoor Trojan. It opens a channel through IRC for the attacker to access the infected computer. One infected, the attacker has access to everything on the computer including e-mail, passwords, personal information, and files.

Threat
Toxbot

Alias
W32.Toxbot

Related Files
TrkWksrv.exe, dxdllsvc.exe, ciclient.exe, dhcpclient.exe
Random files names 8 characters long

Removal

Due to the random file names, a spyware scan must be completed before attempting to remove Toxbot manually.
Manual Removal Instructions:
1.    Run an anti-spyware program
2.    Delete all infected files.
3.    Delete the following registry values
a.    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\[RANDOM FILE NAME]
b.    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\[RANDOM FILE NAME]
4.    Delete the following registry keys
a.    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_[RANDOM FILE NAME]
b.    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\[RANDOM FILE NAME]
c.    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DHCP Client
d.    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DHCP Client
e.    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP_CLIENT
f.    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP Client

Software Removal Instructions:

Using anti-spyware software is the only way to guarantee removal. Not all anti-spywares are the same. ZookaWare PC Cleaner is the only one with a 100% removal guarantee and a 60-day money back guarantee.

Download Free Scan
ZookaWare runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select ZookaWare and click Uninstall.

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php