Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Slow Computer

Backdoor.Gspy.A

Trojans usually specialize in one particular area of making your life miserable. Backdoor.Gspy.A, for example, is a Trojan that enters your computer without your permission and then works hard to steal important information such as your banking data and various others logins and/or passwords. Also, just as its name says, this Trojan is a backdoor that lowers down the security level of your system in order to let a hacker to access it and control your computer without you even realizing it.

The thing that should be mentioned about Backdoor.Gspy.A is that this infection is hard to determine if you are not a computer expert, because the Trojan does not have an interface nor does it make annoying messages pop up out of nowhere every other minute. However, the presence of the following process files in the Task Manager is the best evidence of the infection: mshtune.exe, qrvzd.exe, usmme.exe, rndbs.exe. These are not legitimate processes and they must be shut down immediately. You can find the full list of process files related to Backdoor.Gspy.A below this description.

The Trojan always runs in the background of your system, because upon the installation it inserts a RUN key into the Registry, allowing it to start automatically together with your computer. It also hijacks such legitimate processes as csrss.exe, lsass.exe, svchost.exe and winlogon.exe in order to avoid being detected by security products. But the worst thing about Backdoor.Gspy.A is that it can exhibit various types of malicious behavior in your system. For example, it is capable of deleting files, modifying system settings and downloading arbitrary files that usually contain other kinds of malware. In order to download and execute the said files Backdoor.Gspy.A connects to remote Russian sites.

Also, Backdoor.Gspy.A is capable of stealing your login and password for such applications as ExpanDrive, NetDrive, PocoMail, SmartFTP, Vypress Auvis, Windows Live Mail and others. The Trojan uploads the stolen data to a remote server while the user has absolutely no idea about it.

Obviously, this Trojan poises a great threat your system and your own security so you have to remove Backdoor.Gspy.A from your computer immediately. Most of the users cannot terminate the Trojan on their own, so it is highly recommended to acquire a legitimate antimalware program that will erase Backdoor.Gspy.A automatically.

Download Spyware Removal Tool to Remove* Backdoor.Gspy.A
  • Quick & tested solution for Backdoor.Gspy.A removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Backdoor.Gspy.A

Files associated with Backdoor.Gspy.A infection:

rndbs.exe
NUSB3w32.dll
audiodrvx.exe
htBCSvc32.exe
vlopq.exe
pdf_converter.exe
qdlrj.exe
ciohb.exe
saaxh.exe
xhygu.exe
53499.exe
ozzok.exe
msmsgs.exe
ckazo.exe
xhygu.exe
ciohb.exe
vluge.exe
ozzok.exe
Anti-Malware.exe
waada.exe
Svchost.exe
_ex-68.exe
usmme.exe
rndbs.exe
pdf_converter.exe
NUSB3w32.dll
msmsgs.exe
mshtune.exe
htBCSvc32.exe
audiodrvx.exe
53499.exe
Anti-Malware.exe
qrvzd.exe
appmgmts.dll
mshtune.exe
waada.exe
ckazo.exe
vluge.exe
_ex-68.exe
gsmej.exe
Svchost.exe
lmjwl.exe
qrvzd.exe
Anti-Malware.exe
depzk.exe
usmme.exe

Backdoor.Gspy.A DLL's to remove:

NUSB3w32.dll
appmgmts.dll

Backdoor.Gspy.A processes to kill:

ciohb.exe
rndbs.exe
vluge.exe
Anti-Malware.exe
depzk.exe
gsmej.exe
audiodrvx.exe
ckazo.exe
qdlrj.exe
lmjwl.exe
msmsgs.exe
vlopq.exe
ckazo.exe
xhygu.exe
ciohb.exe
vluge.exe
ozzok.exe
Anti-Malware.exe
waada.exe
Svchost.exe
_ex-68.exe
usmme.exe
rndbs.exe
pdf_converter.exe
msmsgs.exe
mshtune.exe
htBCSvc32.exe
audiodrvx.exe
53499.exe
Anti-Malware.exe
qrvzd.exe
_ex-68.exe
53499.exe
qrvzd.exe
xhygu.exe
htBCSvc32.exe
ozzok.exe
waada.exe
mshtune.exe
usmme.exe
Svchost.exe
pdf_converter.exe
saaxh.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.