Full
Name: |
Trojan.Joex |
| Type: |
Trojan |
| Also Known As: |
Troj/Digidor-A (SOPHOS)
Trojan.Startpage.Q |
| Danger Level: |
5 |
| Category Description: |
Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software. |
| Official Description: |
Disables the Windows Task Manager and changes Internet Explorer's home page. Is capable of downloading and executing files.
Also this trojan hides its files by changing registry entries. Does not allows the users to view the hidden files. |
| |
|
| Information URL: |
http://joyiex.com/ |
| Properties: |
|
| Manual Removal: |
1. Click Start > Run.
2. Type regedit
3. Click OK.
4. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete
"ctfnom.exe" = "%Windir%\SVOHOST.exe"
5. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In the right pane,change the Data for "Shell" to Explorer.exe
6. Navigate to the subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\system
In the right pane, delete the value:
"DisableTaskMgr" = "1"
7. Navigate to the subkey:
HKEY_CURRENT_USER\Software\Policies\Internet Explorer\ControlPanel
In the right pane, delete the value:
"HomePage" = "1"
8. Navigate to the subkey:
HKEY_CLASSES_ROOT\txtfile\shell\open
In the right pane, modify the value:
"command" = "%System%\lsasa.exe "%1""
to:
"command" = "%System%\notepad.exe "%1""
9. Close the Registry Editor. |
