"Smart gene" is a domestic trojan, in addition to the General Trojan has the function, its most frightening is its permanent hidden remote host drive function, if the control side chose this function, then the controlled end can be miserable, want to find the drive? Hey, it's not that easy! Server-side file Genueserver.exe, with the HTM file icon, if your system is set to not display the file name extension, then you will think that this is an HTM file, it is easy to be fooled Oh. Hot Network
"Smart gene" is a file associated with a Trojan horse, but also a double connection Trojan! Why do you say that? Read the following and you'll know.
The "Smart gene" server program will generate three files after it is run, respectively:
C:\WINDOWS\MBBManager.exe
C:\WINDOWS\Explore32.exe
C:\WINDOWS\system\editor.exe
All three files use the HTM file icon, but do not think they are HTM files! If your system is set to display all file extensions, you will find that they end in ".exe", which means they are executable files!
What does each of these three files do? MBBManager.exe is loaded at startup and is the daemon. (For a Trojan, when the client makes a connection request to a particular port on the server, the corresponding program on the server automatically runs to answer the client's request; we call that program the daemon.) For "Smart gene", this particular port is 7511! What do Explore32.exe and Editor.exe do? They are associated with HLP files and TXT files, so finding and deleting MBBManager.exe does not really remove the Trojan. As soon as you open a help file or a text file, Explore32.exe and Editor.exe are activated and generate the daemon MBBManager.exe again! This is why "Smart gene" is so hard to clean up once it is installed. Who would have thought it would be associated with two types of files?!
When I first studied this Trojan I was fooled by exactly this: I deleted MBBManager.exe and Editor.exe and restored the TXT file association, and thought it was completely cleaned up, but when I opened a help file one day, I was surprised to find that "Smart gene" was back! Only then did I learn that "Smart gene" is also associated with HLP files!
"Smart gene" removal method:
1. Delete Files
First delete the MBBManager.exe and Explore32.exe files under C:\WINDOWS, and then delete the Editor.exe file under C:\WINDOWS\system. If the server is already running, you will have to terminate the MBBManager.exe process with process management software before you can delete the file under Windows. Of course, you can also delete these files in pure DOS.
2. Delete the Trojan's startup entry from the registry
Delete the following:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mainbroad Backmanager" = "C:\\windows\\mbbmanager.exe"
3. Restore the TXT file association
Copy the following into Notepad and save it as a reg file with any name:
REGEDIT4

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="Notepad %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command]
@="Notepad %1"
Double-click the reg file above and click "OK" in the pop-up dialog box to import its contents into the registry; the TXT file association is then restored.
4. Restore the HLP file association
Copy the following into Notepad and save it as a reg file with any name:
REGEDIT4

[HKEY_CLASSES_ROOT\hlpfile\shell\open\command]
@="C:\\WINDOWS\\WINHLP32.EXE %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command]
@="C:\\WINDOWS\\WINHLP32.EXE %1"
Double-click the reg file above and click "OK" in the pop-up dialog box to import its contents into the registry; the HLP file association is then restored. Now you can say bye-bye to "Smart gene"!
Pay particular attention when you write a reg file: "REGEDIT4" must be in capital letters, it must be followed by a blank line, and there must be no space between the "T" and the "4" in "REGEDIT4", otherwise it will all come to nothing! Many friends fail when writing registry files because they did not notice the points above, so take care this time. Please note that if you are a Win2000 or WinXP user, change "REGEDIT4" to Windows Registry Editor Version 5.00.
Finally, if you want to save trouble, you can download Trojan nemesis, which is the most proficient against domestic Trojans.
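To confirm that the cleanup above took effect, the traces listed in this article can be looked for in a registry export. The following Python sketch is an added example, not part of the original article: it parses reg export text, rejects a malformed header line, flags a Run value that points at one of the three dropped files, and flags a txtfile or hlpfile open command that is not the Notepad or WINHLP32 handler restored in steps 3 and 4. The function names and the sample export are constructed for illustration.

```python
import re

# Original handlers, from the restore .reg files in steps 3 and 4.
EXPECTED = {r"\txtfile\shell\open\command": "notepad",
            r"\hlpfile\shell\open\command": "winhlp32"}
# File names the article says the server drops, and the Run key it uses.
DROPPED = ("mbbmanager.exe", "explore32.exe", "editor.exe")
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*"((?:[^"\\]|\\.)*)"')

def parse_reg(text):
    """Parse .reg export text into {lowercased key: {value name: string}}."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line is not a valid .reg header")
    keys, current = {}, None
    for line in (l.strip() for l in lines[1:]):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.fullmatch(line)):
            # Undo .reg escaping (\\ -> \, \" -> ") in the string data.
            current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def findings(text):
    """Return (kind, key, value) tuples for traces matching the write-up."""
    out = []
    for key, values in parse_reg(text).items():
        if key.endswith(RUN_KEY):
            out += [("run", key, v) for v in values.values()
                    if v.lower().rsplit("\\", 1)[-1] in DROPPED]
        for suffix, handler in EXPECTED.items():
            if key.endswith(suffix) and "@" in values:
                exe = values["@"].lower().split("%")[0].rsplit("\\", 1)[-1]
                if exe.strip('" ') not in (handler, handler + ".exe"):
                    out.append(("assoc", key, values["@"]))
    return out

# Constructed sample export (not captured from a real host).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mainbroad Backmanager"="C:\\windows\\mbbmanager.exe"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\system\\editor.exe %1"
[HKEY_CLASSES_ROOT\hlpfile\shell\open\command]
@="C:\\WINDOWS\\WINHLP32.EXE %1"
'''
```

Calling findings(SAMPLE) reports the Run entry and the hijacked txtfile command. On Win2000 or WinXP, regedit saves Version 5.00 exports as UTF-16, so decode the file accordingly before passing its text in.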