Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Slow Computer

Backdoor.Gspy.A

Trojans usually specialize in one particular area of making your life miserable. Backdoor.Gspy.A, for example, is a Trojan that enters your computer without your permission and then works hard to steal important information such as your banking data and various others logins and/or passwords. Also, just as its name says, this Trojan is a backdoor that lowers down the security level of your system in order to let a hacker to access it and control your computer without you even realizing it.

The thing that should be mentioned about Backdoor.Gspy.A is that this infection is hard to determine if you are not a computer expert, because the Trojan does not have an interface nor does it make annoying messages pop up out of nowhere every other minute. However, the presence of the following process files in the Task Manager is the best evidence of the infection: mshtune.exe, qrvzd.exe, usmme.exe, rndbs.exe. These are not legitimate processes and they must be shut down immediately. You can find the full list of process files related to Backdoor.Gspy.A below this description.

The Trojan always runs in the background of your system, because upon the installation it inserts a RUN key into the Registry, allowing it to start automatically together with your computer. It also hijacks such legitimate processes as csrss.exe, lsass.exe, svchost.exe and winlogon.exe in order to avoid being detected by security products. But the worst thing about Backdoor.Gspy.A is that it can exhibit various types of malicious behavior in your system. For example, it is capable of deleting files, modifying system settings and downloading arbitrary files that usually contain other kinds of malware. In order to download and execute the said files Backdoor.Gspy.A connects to remote Russian sites.

Also, Backdoor.Gspy.A is capable of stealing your login and password for such applications as ExpanDrive, NetDrive, PocoMail, SmartFTP, Vypress Auvis, Windows Live Mail and others. The Trojan uploads the stolen data to a remote server while the user has absolutely no idea about it.

Obviously, this Trojan poises a great threat your system and your own security so you have to remove Backdoor.Gspy.A from your computer immediately. Most of the users cannot terminate the Trojan on their own, so it is highly recommended to acquire a legitimate antimalware program that will erase Backdoor.Gspy.A automatically.

Download Spyware Removal Tool to Remove* Backdoor.Gspy.A
  • Quick & tested solution for Backdoor.Gspy.A removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Backdoor.Gspy.A

Files associated with Backdoor.Gspy.A infection:

ozzok.exe
vlopq.exe
ckazo.exe
xhygu.exe
ciohb.exe
vluge.exe
ozzok.exe
Anti-Malware.exe
waada.exe
Svchost.exe
_ex-68.exe
usmme.exe
rndbs.exe
pdf_converter.exe
NUSB3w32.dll
msmsgs.exe
mshtune.exe
htBCSvc32.exe
audiodrvx.exe
53499.exe
Anti-Malware.exe
qrvzd.exe
audiodrvx.exe
saaxh.exe
htBCSvc32.exe
mshtune.exe
pdf_converter.exe
rndbs.exe
ciohb.exe
usmme.exe
msmsgs.exe
waada.exe
xhygu.exe
Anti-Malware.exe
depzk.exe
qrvzd.exe
appmgmts.dll
gsmej.exe
_ex-68.exe
NUSB3w32.dll
ckazo.exe
53499.exe
lmjwl.exe
Svchost.exe
qdlrj.exe
vluge.exe

Backdoor.Gspy.A DLL's to remove:

appmgmts.dll
NUSB3w32.dll

Backdoor.Gspy.A processes to kill:

gsmej.exe
rndbs.exe
msmsgs.exe
lmjwl.exe
usmme.exe
xhygu.exe
qdlrj.exe
qrvzd.exe
Anti-Malware.exe
mshtune.exe
saaxh.exe
Svchost.exe
_ex-68.exe
pdf_converter.exe
audiodrvx.exe
ckazo.exe
xhygu.exe
ciohb.exe
vluge.exe
ozzok.exe
Anti-Malware.exe
waada.exe
Svchost.exe
_ex-68.exe
usmme.exe
rndbs.exe
pdf_converter.exe
msmsgs.exe
mshtune.exe
htBCSvc32.exe
audiodrvx.exe
53499.exe
Anti-Malware.exe
qrvzd.exe
waada.exe
depzk.exe
ozzok.exe
vlopq.exe
htBCSvc32.exe
vluge.exe
ciohb.exe
53499.exe
ckazo.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.