Trojan.Win32.DisableSR - Remove Trojan.Win32.DisableSR

Trojan.Win32.DisableSR is a Trojan horse that visits websites through a backdoor to download additional files to the compromised computer, gathers information from the computer and steals sensitive information.

 

Analysis date: 5th, July, 2013

Risk Impact/Damage: High

 

Behavior and damage of Trojan.Win32.DisableSR:

• Copies and adds files to the system directory

• Creates a startup entry that lets it start automatically when the computer boots up

• Adds itself to Windows startup

• Disables registry editing

• Disables folder options

• Hides file extensions

• Disables the “show hidden files” option

• Disables the “Show file system protection” option

• Shuts down the “System Restore” function

• Opens a backdoor and visits websites through it to download additional files to the compromised computer, in order to gather information from the computer and steal sensitive information

• Sets up a proxy server in order to visit decryption websites in different areas

 

Trojan.Win32.DisableSR Removal:

 

Automatic Removal Tool: Anvi Smart Defender

 

If your computer is infected with Trojan.Win32.DisableSR, we recommend that you run a full system scan. Alternatively, you can try the manual method below.

 

1. Restore registry settings

 

Click the Start menu -> Run and type “gpedit.msc”. Go to User Configuration -> Administrative Templates -> System, find “Prevent access to registry editing tools” and uncheck the option. After that you can open regedit to edit and remove the malicious entries added by Trojan.Win32.DisableSR.

 

2. Click the Start menu -> Run, type “regedit” and edit the following registry entries.

Go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

And delete:

HtuUTsdrusQHxAB/ACA0LA9x+L

Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

And delete:

HtuUTsdrusQHxAB/ACA0LA9x+LBb

 

Go to the following value and set it to 0:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR

 

Go to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, then find NoFolderOptions and set its value to 0

 

Set the following value to 1 to display the hidden file options:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

 

Set the value of HideFileExt to 0 to display file extensions, under:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

 

Set the value of SuperHidden to 1 under:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
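
The PowerShell script below is an added example, not part of the original guide or an Anvisoft tool: a read-only audit that reads each registry value named in step 2 and compares it with the state the guide asks for. It assumes the Windows spellings "Windows NT", NoFolderOptions and SuperHidden, and treats Hidden, HideFileExt and SuperHidden as values of the Explorer\Advanced key.

```powershell
# Added example: read-only audit, nothing in the registry is modified.
# Run-key values the guide says to delete (names copied from the page as written).
$runEntries = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'HtuUTsdrusQHxAB/ACA0LA9x+L' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'HtuUTsdrusQHxAB/ACA0LA9x+LBb' }
)
# Settings the guide says to restore, with the data it asks for.
$adv = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$settings = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'; Name = 'DisableSR'; Want = 0 },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions'; Want = 0 },
    @{ Path = $adv; Name = 'Hidden';      Want = 1 },
    @{ Path = $adv; Name = 'HideFileExt'; Want = 0 },
    @{ Path = $adv; Name = 'SuperHidden'; Want = 1 }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Get-Item + GetValue avoids wildcard handling of the value name; returns $null if absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

$report = @(
    foreach ($e in $runEntries) {
        $data = Get-RegValue $e.Path $e.Name
        [pscustomobject]@{
            Path = $e.Path; Name = $e.Name; Current = $data; Expected = '(absent)'
            Status = if ($null -eq $data) { 'OK' } else { 'DELETE' }
        }
    }
    foreach ($s in $settings) {
        $data = Get-RegValue $s.Path $s.Name
        $status = if ($null -eq $data) { 'NOT SET' } elseif ($data -eq $s.Want) { 'OK' } else { 'RESTORE' }
        [pscustomobject]@{
            Path = $s.Path; Name = $s.Name; Current = $data; Expected = $s.Want; Status = $status
        }
    }
)
$report | Format-Table Status, Name, Current, Expected, Path -AutoSize -Wrap
```

For a Run entry reported as DELETE, the Current column shows the command line the entry launches, which is worth recording before the value is removed.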

 

We at Anvisoft are devoted to developing practical software and many other useful free tools that protect PC security and optimize computers for fast performance. Should you have any problem, please post your issue here. We will answer your question as soon as possible. Thank you for your support of Anvisoft.