Danger level 6
Type: Trojans

Cycbot.B

Backdoor Trojans can be more harmful than other kinds of Trojans, and Cycbot.B is a case in point: it is a backdoor Trojan that gains access to your machine when you least expect it and gives criminals unauthorized access to, and control over, your computer system. Once the computer is infected, there is a high risk that this Trojan will connect to a certain IRC server and then accept instructions from the criminals behind it. Some of these instructions may be to spread additional infections or to scan network shares in order to find weak passwords and then exploit these Windows vulnerabilities. Needless to say, it is important to remove Cycbot.B from your computer immediately upon detection.

Cycbot.B has quite a few aliases, including FakeDpr-A, FakeAv-BWP, and Troj/Katusha-J. This threat is widespread, and all security tools detect it as a malicious infection, but each vendor has its own name for it. Regardless of the name, this Trojan always works the same way. Its distribution is harder to predict: some users let it in via a malicious software bundle, while others execute it by clicking on a corrupted link found in a misleading spam email. Once executed, this infection copies itself to the %Temp% directory and creates multiple files, all in the %UserProfile%\Application Data\Microsoft\ directory. These files include stor.cfg, svchost.exe, and shell.exe. It then creates entries in the Windows Registry to add the infection to startup, modify the proxy server, and change Internet Explorer settings.

The clandestine Cycbot.B relies on its ability to communicate with remote domains. A few of these domains include freenetgameonline.com, freeonlinedatingtips.net, testpcdriversonline.com, xy95.cn, and securemywebconnection.com. This Trojan also monitors your activity on popular websites. All of this is done using different files. Some of them have completely random names, such as ONSpHfXktSpHfqI.exe, drufee[1].mp3, A1B5F.exe, and 1F128.exe. These files might be difficult to identify because their names might be randomly generated. Nevertheless, it might be even more difficult to remove conhost.exe, jusched.exe, java.exe, svchost.exe, iexplore.exe, csrss.exe, firefox.exe, and shell.exe. These names represent files of authentic companies, such as Microsoft, Adobe, or Mozilla. Unfortunately, the malicious Trojan is capable of concealing itself by using these names for malicious files. If you are trying to delete this malware, check the digital signatures first. Another thing to keep in mind is that malicious files are usually located in odd places. Unfortunately, it is also possible that Cycbot.B will infect original files.
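
The signature and location check suggested above, as an added PowerShell example that is not part of the original page: it lists running processes whose names match the trusted names the article says Cycbot.B borrows and flags those that run from a user-writable directory or lack a valid Authenticode signature. The set of user-writable roots and the variable and function names are assumptions made for illustration.

```powershell
# Added example (not from the original page). Process names are the ones the
# article lists; the user-writable roots below are an assumption.
$borrowedNames = 'svchost.exe', 'csrss.exe', 'conhost.exe', 'dwm.exe',
                 'iexplore.exe', 'firefox.exe', 'java.exe', 'jusched.exe', 'shell.exe'

# %Temp% and the profile's Application Data folders, normalised with a trailing
# backslash so that prefix matching cannot hit a sibling directory.
$userRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-UnderUserRoot {
    param([string]$Path)
    foreach ($root in $userRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    if ($borrowedNames -notcontains $proc.Name) { continue }

    $path = $proc.ExecutablePath
    if (-not $path) {
        # Protected system processes hide their path from non-elevated sessions.
        [pscustomobject]@{ ProcessId = $proc.ProcessId; Name = $proc.Name; Path = $null
                           Signer = $null; Reason = 'path not readable, rerun elevated' }
        continue
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $reasons = @()
    if (Test-UnderUserRoot -Path $path) { $reasons += 'runs from a user-writable directory' }
    if ($sig.Status -ne 'Valid')        { $reasons += "signature status: $($sig.Status)" }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ ProcessId = $proc.ProcessId; Name = $proc.Name; Path = $path
                           Signer = $sig.SignerCertificate.Subject
                           Reason = $reasons -join '; ' }
    }
}

$findings | Sort-Object Name, ProcessId | Format-Table -AutoSize -Wrap
```

Treat each row as a lead to verify against the publisher shown in the Signer column rather than as a verdict.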

Various malicious infections could find their way into your operating system using Cycbot.B. In many cases, this infection is the culprit that lets in Windows Premium Console, Windows Attention Utility, Windows Emergency System, Windows Defence Unit, AntiSpy Safeguard, fake Microsoft Security Essentials, and other rogue anti-spyware or antivirus software. If this software attacks, you will be flooded with fictitious security warnings all feeding you false, misleading information. Do not trust unfamiliar, unauthorized security tools informing you that malware has invaded your PC, and do not pay for their useless services because there are better ways to spend your money. Unfortunately, some rogues are capable of changing computer settings so that you could not disable or remove malware easily. Needless to say, the sooner you remove the Trojan, the higher the chances of you evading other threats. If additional threats were slipped in already, we suggest removing the Trojan first.

We are sure you understand that it is important to remove Cycbot.B Trojan from your operating system. This clandestine infection can infect your operating system with every kind of malware, and you do not need that. Your virtual security could be seriously jeopardized if you let this Trojan run on your PC. So, if you do not want to have your operating system used for the distribution of malware, your banking accounts hijacked, or your computer running disorderly, you need to eliminate this Trojan as soon as possible. Manual removal is not straightforward, and we do not recommend this option for inexperienced users. If you lack experience, it is best to use automated malware detection and removal software that is designed to eliminate malware automatically. Keep this software installed and, most importantly, updated for full-time protection.


How to manually remove Cycbot.B

Files associated with Cycbot.B infection:


Cycbot.B DLLs to remove:

atioglxx32.dll

Cycbot.B processes to kill:
