Downloader.Chepvil

Downloader.Chepvil is a dangerous Trojan that, when executed, connects to a remote server and downloads further threats. It was found to be closely related to other threats such as Trojan.Milicenso, Trojan.Sasfis and Trojan.FakeAV. The Trojan is capable of modifying the system files and registry entries it needs to completely take over the affected computer.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Upon execution of the Trojan file, Downloader.Chepvil creates the following file:
%UserProfile%\Start Menu\Programs\Startup\dxdiag.exe

The Trojan uses this file to perform malicious actions such as the following:

  • Downloader.Chepvil connects to a remote URL and downloads a configuration file
  • The Trojan spreads rogue security applications
  • It downloads additional Trojans and viruses from a remote host

Distribution
Downloader.Chepvil spreads over the Internet through spam email campaigns. It disguises itself as a message from UPS (United Parcel Service) to draw the user's attention, and it relies on social engineering to reach as many victims as it can. To give you an idea of what the spam messages look like, the text of one is reproduced below:

Spam email messages by Downloader.Chepvil

Subject: United Parcel Service Notification

Message:
Dear customer,
The parcel was sent to your home address.
And it will arrive within 7 business day.
More information and the tracking number are attached in the document below.
Thank you.

How to Remove Downloader.Chepvil

Restore Windows Components

During an infection, Downloader.Chepvil drops various files. The Trojan intentionally hides system files by setting options in the registry. Given this, the best solution is to return Windows to a previous working state through System Restore. If a previous restore point was saved, you may proceed with Windows System Restore.

Removal Tool

A free removal tool from Norton Antivirus was developed to remove viruses and unfamiliar threats without relying on traditional AV signatures. Download the tool from this location and start scanning the computer for viruses and Trojans.

Manual Removal Procedure

1. If an anti-virus program is present, update the definition file. Each anti-virus program has its own way to update the database. Please refer to your software manufacturer’s manual.

2. Reboot Windows in Safe Mode to ensure that only minimal Windows components are loaded.
- After powering on the computer, press F8 on your keyboard.
- The Boot Options menu will be displayed; select Safe Mode.

3. Run a full system scan and clean/delete all infected files related to Downloader.Chepvil.

4. Delete or modify any values added by Downloader.Chepvil to the registry, if present. Please see the reference.
- To edit the registry, click Start > Run and type regedit.exe in the field.
- Alternatively, press Windows Key + R on your keyboard to open the Run dialog.

5. Exit the Registry Editor when done. You may now restart the computer.
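The following PowerShell script is an added example for this write-up; it is not part of the original page and is not the vendor's removal tool. It ties the indicator listed under Characteristics to manual removal step 3: it checks every user profile's Startup folder for the dropped dxdiag.exe, records its size, creation time and SHA256, compares that hash with the legitimate copy in System32, and, when run with the -Quarantine switch, moves the file aside instead of deleting it so a sample is preserved. The -Quarantine switch, the quarantine directory, and the Vista-style Startup path are this example's own assumptions; only the XP-style path comes from the page. It needs PowerShell 4 or later for Get-FileHash, so it targets the Vista-era systems on the page's list rather than Windows 9x/2000, and it should be run from an elevated session in Safe Mode (step 2) so the file is not in use.

```powershell
# Added example, not code from the original page or from any vendor tool.
# Indicator used: the dropped file the page names,
#   %UserProfile%\Start Menu\Programs\Startup\dxdiag.exe
# -Quarantine, $QuarantineDir and the Vista+ Startup path are assumptions.
param(
    [switch]$Quarantine,
    [string]$QuarantineDir = 'C:\Quarantine'   # assumed location, not from the page
)

# The genuine dxdiag.exe lives in %SystemRoot%\System32. A file of that name
# in a per-user Startup folder runs at every logon, which is not normal.
$LegitDxdiag = Join-Path $env:SystemRoot 'System32\dxdiag.exe'
$LegitHash = $null
if (Test-Path -LiteralPath $LegitDxdiag) {
    $LegitHash = (Get-FileHash -LiteralPath $LegitDxdiag -Algorithm SHA256).Hash
}

# Check every profile on the machine, not only the current user, because the
# file is written under the profile of whoever opened the spam attachment.
$ProfilesRoot = Split-Path -Path $env:USERPROFILE -Parent
$Findings = foreach ($Profile in Get-ChildItem -Path $ProfilesRoot -Directory) {
    $Candidates = @(
        # Windows XP/2000 layout, as named on the page
        (Join-Path $Profile.FullName 'Start Menu\Programs\Startup\dxdiag.exe'),
        # Windows Vista and later layout (assumed equivalent location)
        (Join-Path $Profile.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe')
    )
    foreach ($Path in $Candidates) {
        if (-not (Test-Path -LiteralPath $Path)) { continue }
        # -Force so a file the Trojan marked hidden/system is still returned
        $Item = Get-Item -LiteralPath $Path -Force
        $Hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        [pscustomobject]@{
            Profile             = $Profile.Name
            Path                = $Path
            SizeBytes           = $Item.Length
            Created             = $Item.CreationTime
            SHA256              = $Hash
            MatchesSystem32Copy = ($null -ne $LegitHash -and $Hash -eq $LegitHash)
        }
    }
}

if (-not $Findings) {
    Write-Output 'No dxdiag.exe found in any user Startup folder.'
    return
}

# Report first; a copy that matches the System32 binary is still out of place
# in a Startup folder, so it is listed as well rather than filtered out.
$Findings | Format-Table -AutoSize

if ($Quarantine) {
    # Move rather than delete so the sample survives for later analysis.
    if (-not (Test-Path -LiteralPath $QuarantineDir)) {
        New-Item -ItemType Directory -Path $QuarantineDir | Out-Null
    }
    foreach ($F in $Findings) {
        $Dest = Join-Path $QuarantineDir ('{0}_{1}_dxdiag.exe.quarantined' -f $F.Profile, $F.SHA256.Substring(0, 12))
        Move-Item -LiteralPath $F.Path -Destination $Dest -Force
        Write-Output "Moved $($F.Path) -> $Dest"
    }
}
```

Run it once without arguments to see what is present, then again with `-Quarantine` to move the files. The quarantined copies are renamed with a non-executable extension so they cannot be launched by accident, and the recorded SHA256 can be handed to your anti-virus vendor or compared against the vendor's own detection. This script only covers the dropped file; the registry values from step 4 and any additional payloads the Trojan downloaded still need to be handled by the full scan in step 3.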

Alternative Removal Method for Downloader.Chepvil

Option 1: Use Windows System Restore to return Windows to a previous state

If Downloader.Chepvil enters the computer, there is a good chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date, replacing compromised files with clean versions. If you have a restore point saved from before Downloader.Chepvil infiltrated the PC, we highly encourage you to carry out this procedure if none of the above works. You may proceed with Windows System Restore; click here to see the full procedure.