Blog Cinangka

Win32 Virus - Remove Win32 Virus Trojan Proxy

Posted by Taufiq Rohman Sunday, October 16, 2011

How to Remove Win32 Virus - Trojan Proxy

The Trojan-Proxy.Win32 virus is a worm affecting computers running Microsoft Windows.

These Trojans function as a proxy server and provide anonymous access to the Internet from victim machines.

Today these Trojans are very popular with spammers who always need additional machines for mass mailings.

Virus coders will often include Trojan-proxies in Trojan packs and sell networks of infected machines to spammers.

You may not even know your computer has been infected. Hundreds of computers get infected daily. Simply visiting certain malicious sites can cause your computer to be infected. To find out, you can try using an antivirus scanner and virus removal software.

Trojans are breaching your computer security and should be removed. The Trojan-Proxy.Win32 Trojan can be removed from your system if it has been infected!

What Exactly is the Win32 Trojan Proxy Virus

This Trojan program makes it possible for a remote malicious user to use the machine as a proxy-server.

A proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. So in simple terms, the Trojan-Proxy virus uses your computer as a host to sell to spammers. Ever wondered where all your internet bandwidth has gone?

The Trojan itself is a Windows PE EXE file written in Visual C++, packed using UPX. The file can be between 39KB and 53KB in size.

An example of a Trojan horse would be a program you downloaded believing it to be something simple, such as a screensaver named "exotic-cars.scr" that appears to be a car desktop screensaver. When you install it, it instead unloads hidden programs, commands, or scripts in the background, with or without your knowledge.

Trojan horse programs can often be used to bypass the security protection you have on your system, which leaves your system without any protection and gives the hacker full access to your machine.

What Does the Trojan-Proxy.Win32 Virus Do?

The Trojan creates a unique identifier, "Windows-Update-Service", to flag its presence in the system.

Once launched, the Trojan listens on a random TCP port to realize the proxy-server function. The number of the port chosen is randomly generated, and will be in the range 1025 - 5024. If it is not possible to listen on this port, a new attempt will be made, with the port number being regenerated.

The worm then establishes a connection to*** If this is unsuccessful, the attempt will be repeated at 15-minute intervals.

If the connection is successful, the number of the port which the Trojan is listening on will be encoded and transmitted to port 3878 on the server in encrypted form.

Once the remote malicious user receives this data, s/he will be able to use the victim machine as a proxy-server.
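The behaviour described above can be turned into a simple host check. The following is an added example, not part of the original article: it parses `netstat -ano` output and flags any process that both listens on a TCP port in the 1025 - 5024 range and has a connection (or pending attempt) to remote port 3878. The sample output, PIDs and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

LISTEN_RANGE = range(1025, 5025)  # 1025-5024 inclusive, as stated in the article
REPORT_PORT = 3878                # remote port the Trojan reports its listener to

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       1212
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2416
  TCP    192.168.1.20:1190      203.0.113.7:3878       SYN_SENT        2416
  TCP    192.168.1.20:1201      198.51.100.4:80        ESTABLISHED     3100
  UDP    0.0.0.0:1900           *:*                                    1500
"""

# TCP rows only: local addr:port, foreign addr:port, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def find_proxy_suspects(netstat_text):
    """Return {pid: {"listen": [ports], "report": [remote endpoints]}} for PIDs
    that listen in LISTEN_RANGE and also connect (or try to) to REPORT_PORT."""
    listeners = defaultdict(list)
    reporters = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _laddr, lport, raddr, rport, state, pid = m.groups()
        lport, rport, pid = int(lport), int(rport), int(pid)
        if state == "LISTENING" and lport in LISTEN_RANGE:
            listeners[pid].append(lport)
        # SYN_SENT covers the retries made while the server is unreachable.
        elif state in ("ESTABLISHED", "SYN_SENT") and rport == REPORT_PORT:
            reporters[pid].append(f"{raddr}:{rport}")
    # A listener in this range alone is weak evidence (legitimate services
    # use these ports too), so require both signals from the same PID.
    return {pid: {"listen": sorted(listeners[pid]), "report": reporters[pid]}
            for pid in listeners if pid in reporters}

if __name__ == "__main__":
    for pid, hit in find_proxy_suspects(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: listens on {hit['listen']}, reports to {hit['report']}")
```

On a live machine, feed the function the text captured from `netstat -ano` and look up each flagged PID in Task Manager.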

Manually Remove the Trojan-Proxy.Win32 Virus and Removing it from the Registry

Removing a virus using the manual method.

Removing a virus can be done manually; however, you will need to understand how to edit the system registry and be able to troubleshoot various problems with your computer system. Viruses are persistent, and removing one can take a considerable amount of time and knowledge of how an operating system works. You will also need to know how to edit the registry to delete the virus and stop it from reinstalling each time you connect to the internet.

Removal Instructions

1. Determine the name of the Trojan program by using regedit or another utility to edit the system registry. View the "Services" parameter in the [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] key; this parameter gives the full path to the malicious program.

2. Use Task Manager to terminate the process with the Trojan name.

3. Delete the original Trojan file.

4. Delete the following value from the system registry key:


Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system.

It cannot be guaranteed that problems resulting from the incorrect use of Registry Editor can be solved. You edit the registry at your own risk.
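Step 1 of the removal instructions can be done without opening Registry Editor by reading the Run key with `reg query` and parsing the result. The following is an added example, not part of the original article: it extracts the executable path stored in the "Services" value so you know which process to terminate and which file to delete. The sample output and every file path in it are constructed for illustration.

```python
import re

TROJAN_VALUE = "Services"  # value name given in step 1 of the instructions

# Constructed sample output of:
#   reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
# (all file paths below are made up for this example)
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Services    REG_SZ    "C:\WINDOWS\system32\example-name.exe" -s
    Updater    REG_EXPAND_SZ    %ProgramFiles%\Example\upd.exe /background
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_ROW = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_run_values(text):
    """Map value name -> (registry type, raw command line)."""
    values = {}
    for line in text.splitlines():
        m = VALUE_ROW.match(line)
        if m:
            name, rtype, data = m.groups()
            values[name.strip()] = (rtype, data.strip())
    return values

def executable_of(command):
    """Extract the program path from a Run command line, quoted or bare."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Bare paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|scr|com|bat|cmd|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def trojan_path(text):
    """Return the path stored in the 'Services' Run value, or None if absent."""
    entry = parse_run_values(text).get(TROJAN_VALUE)
    return executable_of(entry[1]) if entry else None

if __name__ == "__main__":
    print(trojan_path(SAMPLE_REG_QUERY))
```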

Still Having Problems Manually Removing the Win32 Virus

If you couldn't remove it for some reason, try using anti-virus software.

Win32 worms generally are set to run automatically when you start your computer or even register themselves to be run when any other application is started. Unfortunately, you can't just delete the worm file or your computer system might not be able to start your applications (such as Explorer) any more.

In order to effectively remove the worm from your computer system, it is often necessary to make additional changes to your system registry. Editing the system registry isn't easy. It can be done but can be difficult for those who aren't computer technicians.

There is an easier way to remove the Win32 worm which is a fully automatic, EASY and INTELLIGENT solution.

Try the multi-award-winning antivirus and spyware remover, which is designed to remove Win32 Trojans effectively. You can also eliminate any other viruses and malware from your system more EASILY than with the manual methods.

Win32 Virus Removal Software : Free Download

If you can't remove the Win32 virus manually, then you need to use software that can.

The best antivirus and antispyware software

The best way to get complete protection from the most dangerous threats on the Internet - spyware, viruses, data theft and hackers - is a single, easy-to-use solution such as Anti-Virus Plus software.

AntiVirus provides real protection against security threats such as viruses, spyware, adware, worms, Trojans, key loggers, and rootkits.

In addition, AntiVirus monitors all traffic to and from your computer, so you'll always know what's happening and if your computer is being attacked. You'll easily be able to block hackers' attempts to access your computer and your personal information on the internet.

Win32 Virus Resources and Further Information

Symantec Virus Name Definitions
There are many different types of viruses. This is a great resource to tell you what different prefixes in virus names mean and how they differ.

Removing Zeus Trojan :: Zeus Zbot Trojan :: Latest Threat

One of the latest trojans spreading via social networks is the Zeus Zbot Trojan.

This particular type of malware tries to collect financial details from people - think bank account numbers and passwords, credit cards info, and so on - and so has the potential to cause quite a bit more damage than some viruses. An individual might lose his savings, not just have his computer slow down or die.

The Zeus trojan is a bit aggressive in that it spreads through social networks like Facebook, too, and not just through sites and email attachments. Zbot uses a wide variety of social engineering tricks to spread through a variety of methods, including spam email and web downloads. It created a large botnet that collects information about victims' credit card, banking and social network logins.

Common Known Win32 Worms

A list of currently known Win32 Viruses

Win32:Badtrans [Wrm]
Win32:Beagle [Wrm] (aka Bagle), variants A-Z, AA-AH
Win32:Blaster [Wrm] (aka Lovsan), variants A-I
Win32:BugBear [Wrm], including B-I variants
Win32:Ganda [Wrm]
Win32:Klez [Wrm], all variants (including variants of Win32:Elkern)
Win32:MiMail [Wrm], variants A, C, E, I-N, Q, S-V
Win32:Mydoom [Wrm] (variants A, B, D, F-N - including the trojan horse)
Win32:Nachi [Wrm] (aka Welchia, variants A-L)
Win32:NetSky [Wrm] (aka Moodown, variants A-Z, AA-AD)
Win32:Nimda [Wrm]
Win32:Opas [Wrm] (aka Opasoft, Opaserv)
Win32:Parite (aka Pinfi), variants A-C
Win32:Sasser [Wrm] (variants A-G)
Win32:Scold [Wrm]
Win32:Sinowal [Trj] - variants AA, AB
Win32:Sircam [Wrm]
Win32:Sober [Wrm], variants A-I, J-K
Win32:Sobig [Wrm], including variants B-F
Win32:Swen [Wrm], including UPX-packed variants
Win32:Yaha [Wrm] (aka Lentin), all variants
Win32:Zafi [Wrm] (variants A-D)

* Backdoors
* General Trojans
* PSW Trojans
* Trojan Clickers
* Trojan Downloaders
* Trojan Droppers
* Trojan Proxies
* Trojan Spies
* Trojan Notifiers
* ArcBombs
* Rootkits
