Trojan.Pherbot

Trojan.Pherbot is a Trojan that can allow a remote attacker to gain unauthorized access to the infected computer. Trojan.Pherbot can steal sensitive information from a compromised system and send it to a specified location.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Trojan.Pherbot:

1. If System Restore is active, try loading a previous restore point, if one exists, by clicking the Start button and searching for “System Restore”. If there is none, disable System Restore (optional).
2. Update the virus definitions.
3. Reboot the computer in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Edit registry and remove entries created by Trojan.Pherbot.
6. Exit the registry editor and restart Windows.

Note: Please see the tutorials on the sidebar for performing a System Restore, starting in Safe Mode, and editing the registry.

Scan with Norton Power Eraser:
Norton Power Eraser is a free removal tool from Norton Antivirus, developed to remove unfamiliar threats without using traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Online Virus Scanner:
Another way to remove a virus from a computer without installing an additional anti-virus application is to perform a thorough scan with a free Online Virus Scanner, which can be found here or on the web sites of legitimate computer security providers.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Trojan.Pherbot will connect to a predefined URL and receive commands.
- It can update or remove itself.
- This Trojan can download additional files from a remote server.

Malicious Files Added by Trojan.Pherbot:
%UserProfile%\Application Data\befefbesbenesn\Data_01.vbs
%UserProfile%\Application Data\befefbesbenesn\Update.exe

Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Update.exe" = "%UserProfile%\Application Data\befefbesbenesn\Update.exe"
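
The following PowerShell script is an added example, not part of the original write-up or of any vendor tool. It performs a read-only check for the files and Run entry listed above, for use before step 5 or to confirm cleanup afterwards. The variable names are illustrative, and the script assumes that looking in every loaded user hive is wanted, because the Run entry is per-user.

```powershell
# Added example: read-only check for the artifacts listed on this page.
# It only reports; it deletes nothing. Variable names are illustrative.
$folderName = 'befefbesbenesn'               # folder name given on the page
$fileNames  = 'Data_01.vbs', 'Update.exe'    # file names given on the page
$valueName  = 'Update.exe'                   # Run value name given on the page
$runSubKey  = 'Software\Microsoft\Windows\CurrentVersion\Run'
$psNames    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings   = @()

# Files: check the literal "Application Data" path and whatever %APPDATA% resolves to.
$roots = @((Join-Path $env:USERPROFILE 'Application Data'), $env:APPDATA) |
    Where-Object { $_ } | Select-Object -Unique
foreach ($root in $roots) {
    foreach ($name in $fileNames) {
        $path = Join-Path (Join-Path $root $folderName) $name
        if (Test-Path -LiteralPath $path -PathType Leaf) { $findings += "FILE      $path" }
    }
}

# Registry: HKEY_CURRENT_USER is only the account running the script, so walk every
# user hive loaded under HKEY_USERS (this includes the current user).
foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $runKey = "Registry::$($hive.Name)\$runSubKey"
    $props  = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($psNames -contains $p.Name) { continue }   # provider metadata, not Run values
        # Flag the value name from the page, or any value launching from the listed folder.
        if ($p.Name -eq $valueName -or "$($p.Value)" -like "*\$folderName\*") {
            $findings += "RUN VALUE $($hive.Name)\$runSubKey -> $($p.Name) = $($p.Value)"
        }
    }
}

if ($findings) { $findings } else { 'None of the listed Trojan.Pherbot artifacts were found.' }
```

Hives of accounts that are not logged on are not loaded under HKEY_USERS, so run the check from each user account on a shared machine. The file check likewise covers only the profile of the account running the script.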

What to do next...