Danger level 7
Type: Backdoors
Common infection symptoms:
  • Changes background
  • Shows commercial adverts
  • Normal system programs crash immediately
  • Slow internet connection
  • Can't change my homepage
  • Slow Computer
  • Connects to the internet without permission
  • Installs itself without permissions
Other mutations known as:
Backdoor.Tofsee.D

Backdoor.Tofsee

Backdoor.Tofsee is a generic detection for a large group of backdoor Trojans distributed as UPX-packed executable files. The family has many components that work together to increase traffic for certain websites. They are also responsible for spamming infected users with spam emails. Some components of the Backdoor.Tofsee family infect the system only to load the main infections. For example, Backdoor:Win32/Tofsee.I infects the target system to load it with Backdoor:Win32/Tofsee.F. The latter backdoor connects to the Internet behind your back by using an HTTP proxy. Once the connection to a remote server is established, Backdoor.Tofsee communicates with its creator and receives commands on what to do next; usually it generates and sends out spam email messages.

In order for Backdoor.Tofsee to function immediately, the malware modifies the Windows Registry upon infection. The modifications make sure that the backdoor runs automatically whenever Windows starts. When Backdoor.Tofsee is run, it lowers or completely disables Internet security settings to make use of your broadband. It bypasses your Windows Firewall by adding itself to a "trusted program" list. This way Backdoor.Tofsee can make use of your Internet connection to send you spam email messages.
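A read-only way to review the settings this paragraph describes, as an added example (not code from the original page or from any vendor): it lists programs started from the registry Run keys and the Winlogon Userinit value, plus programs allowed through Windows Firewall, and marks the ones worth a manual look. It assumes Windows 8 / Server 2012 or later for the firewall cmdlets; the helper names `Get-ExePath` and `Test-Startup` and the "user-writable path" heuristic are illustrative assumptions.

```powershell
# Added example: read-only audit; nothing is deleted or modified.
$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: programs started from user-writable locations deserve a closer look.
$writable = '\\Users\\|\\ProgramData\\|\\Temp\\|\\Documents and Settings\\'

function Get-ExePath([string]$Command) {
    # Extract the executable path from a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Test-Startup([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-ExePath $Command
    $sig = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'FileMissing' }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Path = $path; Signature = $sig
        Review = ($sig -ne 'Valid') -or ($path -match $writable)
    }
}

$findings = @()
# 1. Run keys: every value here is launched at logon.
foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $findings += Test-Startup $key $name ([string]$reg.GetValue($name))
    }
}
# 2. Winlogon Userinit: by default it holds only %SystemRoot%\system32\userinit.exe
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$default = Join-Path $env:SystemRoot 'system32\userinit.exe'
(Get-ItemProperty -Path $winlogon -Name Userinit).Userinit -split ',' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ -and $_ -ne $default } |
    ForEach-Object { $findings += Test-Startup "$winlogon\Userinit" 'extra entry' $_ }
# 3. Firewall "trusted program" list: enabled inbound allow rules tied to a program.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $app = ($_ | Get-NetFirewallApplicationFilter).Program
    if ($app -and $app -notin 'Any', 'System') {
        $findings += Test-Startup 'Firewall' $_.DisplayName $app
    }
}
$findings | Where-Object Review | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

A flagged row is a prompt for review, not a verdict: legitimate per-user software often runs unsigned from a profile directory.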

Aside from sending out spam messages, Backdoor.Tofsee could also be used to conduct distributed denial of service attacks. Since this infection opens a backdoor in your system and modifies your Firewall settings, your system automatically becomes vulnerable to other possible infections. Unfortunately, Backdoor.Tofsee does not have any specific infection symptoms, so you might not realize you are infected before it is too late. Therefore, it is highly recommended that you perform regular system scans with a reliable antimalware scanner (like SpyHunter) to prevent dangerous infections.

In order to remove Backdoor.Tofsee from your computer, you should invest in a legitimate computer security program to terminate the infection automatically. Malware backdoor removal is not recommended unless you are a computer expert and you know exactly what you are doing.


How to manually remove Backdoor.Tofsee

Files associated with Backdoor.Tofsee infection:


Backdoor.Tofsee processes to kill:


Remove Backdoor.Tofsee registry entries:
