Trojan.Downexec.B!inf
Contents of this article pertain to Trojan.Downexec.B!inf. This page includes description, technical aspects, and removal guide to delete the threat from your computer.
Trojan.Downexec.B!inf is a common detection method used to identify files that were infected with variants of Trojan.Downexec family. This Trojan may attempt to connect to a distant server to download and execute malicious files onto victim’s computer. Moreover, the threat may infect the main file Internet Explorer to load a corrupt code when victim uses the program.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
When Trojan.Downexec.B!inf is executed, it carry out an operation that disables security and hard disk protection of the affected system.
The Trojan infects a legitimate Explorer.exe file so that it runs when the process loads. This method may provide a line of sight between the Trojan and remote server. It will attempt to download and execute additional malware on the infected computer. The Trojan can also download configuration file to update itself. Upgraded version of this threat can add more harm on the infected computer. It can perform tasks that can lead to stolen sensitive data.
Trojan.Downexec.B!inf also embeds malicious code into Internet Explorer’s IEXPLORER.EXE for the same purpose of attaching more threats.
Next, this threat will inspect if the PC is running on FAT32 or NTFS file system. If it is, it will store an infected IEXPLORER.EXE in the last sector of the primary partition.
Once it accomplishes task on the compromised computer, the Trojan will create a file delme.bat and proceed with the removal of itself.
Distribution
This threat mainly spread through spam operation. It is either in the form of email or Internet campaign. To be specific, Trojan.Downexec.B!inf role is to fetch other malware that cannot be distributed over the said campaign. Being small in size and able to escape antivirus detection, Trojan.Downexec.B!inf can easily fit email attachment.
How to Remove Trojan.Downexec.B!inf
1. Temporarily Disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of Trojan.Downexec.B!inf
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove Trojan.Downexec.B!inf without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found here or on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.
Alternative Removal Method for Trojan.Downexec.B!inf
Option 1 : Use Windows System Restore to return Windows to previous state
If Trojan.Downexec.B!inf enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Trojan.Downexec.B!inf infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.
precisesecurity
Jun 17, 2008 @ 13:52:29
We are still waiting for the sample to test effective removal. For now, please try Malwarebytes Anti-Malware and Standard Virus Removal.