Monday, April 7, 2014

[Know How] Remove Trojan.Win32.Bublik.cfgi from Computers

Brief Introduction of Trojan.Win32.Bublik.cfgi


Trojan.Win32.Bublik.cfgi is a newly detected Trojan horse that mainly targets email. According to the analysis report by Global PC Support Center, the Trojan is generated by a kit named Bublik and is designed to help spread malicious code through social engineering channels, including email. Commonly, Trojan.Win32.Bublik.cfgi may:
  • Lower Internet browser security.
  • Disable the computer's firewall.
  • Steal user and computer information.
  • Allow unauthorized access and control of an affected computer.


Trojan.Win32.Bublik.cfgi Payloads


Trojan.Win32.Bublik.cfgi copies itself into multiple pieces and injects them into several critical locations, such as the startup configuration, the registry database, drivers related to security services, and browser settings. Besides, Trojan.Win32.Bublik.cfgi creates a mutex to guarantee that only one copy is executing at a time, and injects its execution into explorer.exe. In that case, built-in security applications have difficulty tracing down the Trojan horse and removing it automatically, since explorer.exe is considered legitimate and normal.

Next, Trojan.Win32.Bublik.cfgi writes keys into the startup configuration and establishes registry entries to ensure that it is woken up and gets to work whenever Windows starts. By doing so, Trojan.Win32.Bublik.cfgi manages to keep collecting cookies, information about emails, and the WAB (Windows Address Book).
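The paragraphs above describe the Trojan hiding inside explorer.exe. A quick defender's check for that is to list every module loaded into explorer.exe that does not carry a valid Authenticode signature, since an injected DLL rarely does. The script below is an added example written for this page, not code from the original post or from VilmaTech; it assumes an elevated Windows PowerShell prompt, and the function name is my own.

```powershell
# Added example (not from the original post): list modules loaded into explorer.exe
# that do not carry a valid Authenticode signature. An injected DLL usually has no
# trusted signature, so it stands out; legitimate unsigned shell extensions show up
# too, so review each hit before acting on it. Run from an elevated PowerShell prompt.

function Get-UnsignedExplorerModules {
    [CmdletBinding()]
    param()

    # One explorer.exe per interactive session is normal; several instances are handled.
    $explorers = Get-Process -Name explorer -ErrorAction SilentlyContinue
    if (-not $explorers) {
        Write-Warning 'explorer.exe is not running.'
        return
    }

    $seen = @{}
    foreach ($proc in $explorers) {
        foreach ($module in $proc.Modules) {
            $path = $module.FileName
            if ([string]::IsNullOrEmpty($path) -or $seen.ContainsKey($path)) { continue }
            $seen[$path] = $true

            # Get-AuthenticodeSignature verifies the embedded signature and its chain.
            $sig    = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $status = if ($sig) { $sig.Status } else { 'Unknown' }

            if ($status -ne 'Valid') {
                $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
                [PSCustomObject]@{
                    ProcessId       = $proc.Id
                    Module          = $module.ModuleName
                    Path            = $path
                    SignatureStatus = $status
                    Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                    Created         = if ($file) { $file.CreationTime } else { $null }
                    UnderWindowsDir = $path.StartsWith($env:windir, [System.StringComparison]::OrdinalIgnoreCase)
                }
            }
        }
    }
}

# Newest files first: a DLL created on the day of the infection sorts to the top.
Get-UnsignedExplorerModules | Sort-Object Created -Descending | Format-Table -AutoSize
```

Many Microsoft system DLLs are signed through catalog files rather than an embedded signature, so on older Windows versions they can be reported as NotSigned even though they are genuine; use the Created and UnderWindowsDir columns to narrow the review to files that appeared around the detection date, and compare any suspect path against the anti-virus scan results before removing it.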

Apart from the information security threat, Trojan.Win32.Bublik.cfgi can also cause additional problems for the machine itself. It should be widely known that Trojan.Win32.Bublik.cfgi carries a backdoor program, installed so that the infection can be inspected and updated in the future. The backdoor also has other capabilities, such as bringing in additional infections without permission or authorization. That is why more and more viruses get flagged and more CPU is consumed.

Thus, senior technicians from VilmaTech Online Support advise the following: do not visit spam or suspicious sites, do not open strange documents or emails, install and update security patches for installed applications as well as the OS, and update to the latest virus definitions, in order to reduce the risk of being affected by a virus like Trojan.Win32.Bublik.cfgi.



How to Remove Trojan.Win32.Bublik.cfgi – Self-help Guide


“Kaspersky detected the following threat in an email. Nothing happens when I click "Fix" and I can't find any info online to remove.
Trojan.Win32.Bublik.cfgi detected 05:32:35]//FAX350369.zip//fax749642.scr” – Quote

Obviously the Trojan horse manages to dodge automatic removal, and, as stated in the preceding paragraphs, Trojan.Win32.Bublik.cfgi manages to disable security services to some extent, so manual removal is the advisable way to eradicate it. Follow the instructions below and help yourself. Should you have difficulty understanding or carrying out some of the steps, VilmaTech Online Support can help with your concrete situation.



1. Turn off the System Restore function first, as Trojan.Win32.Bublik.cfgi could inject its malicious code into every existing restore point.



2. Run a full scan with your anti-virus program and note down the path of every file it attributes to Trojan.Win32.Bublik.cfgi.



3. Unhide all hidden items and remove the items generated by Trojan.Win32.Bublik.cfgi from the local disk.

Windows 7/XP/Vista - Control Panel > User Accounts and Family Safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > untick ‘Hide protected operating system files (Recommended)’ > OK button.

Windows 8 - Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ > OK button.
Go to the path noted in step 2 and remove all the items there.
Then check C:\Windows, C:\Windows\System32, C:\windows\winstart.bat, C:\windows\wininit.ini and C:\windows\Autoexec.bat, and remove the files and folders created on the date when Trojan.Win32.Bublik.cfgi was first found.



4. Open the registry database and remove the entries generated by Trojan.Win32.Bublik.cfgi.

Press the Win key and R key together > type “regedit” > hit Enter > remove the values under the following entries:
HKEY_CLASSES_ROOT\WindowFiles\Check_Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\INTEXPLORE.pif\ToP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random numbers and letters]
HKEY_CLASSES_ROOT\CLSID\{random numbers}\shell\OpenHomePage\Command
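Steps 1 to 4 above are a manual procedure, and the places they look at (restore points, Explorer's hidden-file settings, files created on the detection date in C:\Windows and C:\Windows\System32, the Run keys and the specific keys listed in step 4) can all be collected in one pass so that you review the evidence before deleting anything. The script below is an added example written for this page, not code from the original post or from VilmaTech. It is read-only: it removes no files and no registry values. It assumes an elevated Windows PowerShell prompt, a `-Since` date (the day the Trojan was first detected) supplied by you, and the function names are my own.

```powershell
# Added example (not from the original post): read-only triage for the manual steps
# above. Collects the evidence each step inspects; deletes nothing.
# Usage (file name is hypothetical):  .\bublik-triage.ps1 -Since '2014-04-07'
param(
    [Parameter(Mandatory = $true)][datetime]$Since   # date the Trojan was first detected
)

# Step 1: System Restore. Restore points are listed so you know what exists;
# turning the feature off is a separate action: Disable-ComputerRestore -Drive 'C:\'.
function Get-RestoreState {
    $points = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
    [PSCustomObject]@{ RestorePointCount = @($points).Count; Points = $points }
}

# Step 3: the Folder Options toggles are stored as these Explorer registry values.
function Get-HiddenFileVisibility {
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $p = Get-ItemProperty -Path $adv
    [PSCustomObject]@{
        ShowHiddenFiles      = ($p.Hidden -eq 1)          # 1 = show, 2 = hide
        ShowProtectedOSFiles = ($p.ShowSuperHidden -eq 1) # 1 = show
        ShowFileExtensions   = ($p.HideFileExt -eq 0)     # 0 = show
    }
}

# Step 3: items created on or after the detection date in the locations the guide
# names, including hidden and system items (-Force). Review, do not delete blindly:
# Windows Update also drops legitimate files here with recent creation dates.
function Get-RecentSystemFiles([datetime]$Date) {
    $dirs  = @("$env:windir", "$env:windir\System32")
    $files = @("$env:windir\winstart.bat", "$env:windir\wininit.ini", "$env:windir\Autoexec.bat")
    foreach ($d in $dirs) {
        Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $Date.Date } |
            Select-Object FullName, CreationTime, Length, Attributes
    }
    # These legacy startup files should not normally exist on a modern Windows install.
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            Get-Item -LiteralPath $f -Force | Select-Object FullName, CreationTime, Length, Attributes
        }
    }
}

# Step 4: every autostart value under the Run/RunOnce keys (the guide's
# "Run\[random numbers and letters]" entry would appear here).
function Get-AutostartEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            [PSCustomObject]@{ Key = $k; Name = $name; Command = $props.$name }
        }
    }
}

# Step 4: the other keys named in the guide. The CLSID one has a random GUID, so every
# CLSID that carries a shell\OpenHomePage\Command subkey is reported with its command.
function Get-GuideNamedKeys {
    $fixed = @(
        'Registry::HKEY_CLASSES_ROOT\WindowFiles\Check_Associations',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\INTEXPLORE.pif\ToP'
    )
    foreach ($k in $fixed) {
        [PSCustomObject]@{ Key = $k; Present = (Test-Path $k); Default = '' }
    }
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
        $cmd = "$($_.PSPath)\shell\OpenHomePage\Command"
        if (Test-Path $cmd) {
            [PSCustomObject]@{ Key = $cmd; Present = $true; Default = (Get-ItemProperty $cmd).'(default)' }
        }
    }
}

Write-Host '== System Restore ==';          Get-RestoreState        | Format-List
Write-Host '== Hidden-file visibility =='; Get-HiddenFileVisibility | Format-List
Write-Host "== Files created since $Since =="; Get-RecentSystemFiles $Since | Format-Table -AutoSize
Write-Host '== Autostart entries ==';       Get-AutostartEntries    | Format-Table -AutoSize
Write-Host '== Keys named in the guide =='; Get-GuideNamedKeys      | Format-Table -AutoSize
```

Compare the Command column of the autostart table and the Default column of the CLSID table against the file paths your anti-virus reported in step 2: a Run value or an OpenHomePage command that points at a file under a user profile, a temp directory, or one of the recently created files in the listing is the entry to remove. Export the key with regedit before deleting a value so the change can be reverted if it turns out to be a legitimate program.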



Disclaimer

Such a Trojan horse is highly elusive: it keeps generating mutexes to avoid being traced, and it downloads different components depending on the target system. Thus there is no universal removal procedure for Trojan.Win32.Bublik.cfgi, and a certain level of computer and malware knowledge is required to dig out the cunning items associated with the Trojan horse. The above steps mainly offer a removal thread for victims. The thread is complete and feasible; however, some files and entries might not be the same as those provided here.



