Danger level 7
Type: Backdoors
Common infection symptoms:
  • Changes background
  • Shows commercial adverts
  • Normal system programs crash immediatelly
  • Slow internet connection
  • Cant change my homepage
  • Slow Computer
  • Connects to the internet without permission
  • Installs itself without permissions
Other mutations known as:
Backdoor.Tofsee.D

Backdoor.Tofsee

Backdoor.Tofsee is a generic detection for a big group of backdoor Trojans, distributed as UPX packed executable files. This family has many components that function together to increase traffic for certain websites. They are also responsible for spamming infected users with spam emails. Some components of Backdoor.Tofsee family simply infect the system to load the main infections. For example, Backdoor:Win32/Tofsee.I infects the target system to load it with Backdoor:Win32/Tofsee.F. The latter backdoor connects to the Internet behind your back by using an HTTP proxy. Once the connection a remote server is established Backdoor.Tofsee communicates with its creator and receives commands on what to do next - usually it generates and sends out spam email messages.

In order for the Backdoor.Tofsee to function immediately, the malware modifies Windows Registry upon the infection. The modifications are made in order to make sure that the backdoor runs automatically whenever Windows start. When Backdoor.Tofsee is run, it lowers or completely disable Internet security settings to make use of your broadband. It bypasses your Windows Firewall by adding to a "trusted program" list. This way Backdoor.Tofsee can make use of your Internet connection to send you spam email messages.

Aside from sending out spam messages, Backdoor.Tofsee could also be used to conduct distributed denial of service attacks. Since this infection opens a backdoor in your system and modifies your Firewall settings, your system automatically becomes vulnerable to other possible infections. Unfortunately, Backdoor.Tofsee does not have any specific infection symptoms, so you might not realize you are infected before it is too late. Therefore, it is highly recommended that you perform regular system scans with a reliable antimalware scanner (like SpyHunter) to prevent dangerous infections.

In order to remove Backdoor.Tofsee from your computer, you should invest in a legitimate computer security program to terminate the infection automatically. Malware backdoor removal is not recommended unless you are a computer expert and you know exactly what you are doing.

Download Spyware Removal Tool to Remove* Backdoor.Tofsee
  • Quick & tested solution for Backdoor.Tofsee removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Backdoor.Tofsee

Files associated with Backdoor.Tofsee infection:

vifpwpdi.exe
ymjhe.exe
fresdg.exe
awmxrol.exe
arrhkkw.exe
ndisvvan.sys
sbka.exe
rrq.exe
ndce.exe
jodxac.exe
bjgbw.exe
msvmcls64.exe
aymmqaf.exe
510417.exe
ubfhs.exe
init.exe
wkfmi.exe
dunyup.exe
jopmu.exe
lkfiud.exe
texb.exe
gyowjn.exe
nrurdu.exe
wsxfp.exe
iqkil.exe
udecylc.exe
rqw.exe
vwva.exe
oell.exe
vowtjs.exe
fbxhs.exe
saiuwwl.exe
ecx.exe
hvccs.exe
fechme.exe
nsxflo.exe
qkjp.exe
ybhl.exe
hvccs.exe
xgjxt.exe
9A052F91CAD.exe
hhqpbnac.exe
jodxac.exe
ppyxjvik.exe
aajiugtv.exe
oell.exe
ndce.exe
ssbamyln.exe
bjgbw.exe
vvedpboq.exe
iqsk.exe
vdfx.exe
qkjp.exe
vwva.exe
yhovyomq.exe
ivscjcqv.exe
rrq.exe
fbxhs.exe
dlnf.exe
ecx.exe
ksum.exe
jcplfvd.exe
zmjtathm.exe
gtksch.exe
msffvia.com
lubilbzd.exe
rqw.exe
jjsrdpce.exe
dmx.exe
krsgxn.exe
ucew.exe
sfcmtmaf.exe
iqkil.exe
pxkjeg.exe
xkhryrfk.exe
nsxflo.exe
ynhkkdc.exe
pxchj.exe
tdsecfv.exe
jjr.exe
sbka.exe
ckme.exe
qqzykwjl.exe

Backdoor.Tofsee processes to kill:

sfcmtmaf.exe
iqsk.exe
aajiugtv.exe
rrq.exe
ppyxjvik.exe
vvedpboq.exe
vdfx.exe
bjgbw.exe
iqkil.exe
zmjtathm.exe
ecx.exe
xgjxt.exe
9A052F91CAD.exe
krsgxn.exe
sbka.exe
ucew.exe
ivscjcqv.exe
nsxflo.exe
dmx.exe
xkhryrfk.exe
ckme.exe
ymjhe.exe
fresdg.exe
awmxrol.exe
arrhkkw.exe
sbka.exe
rrq.exe
ndce.exe
jodxac.exe
bjgbw.exe
msvmcls64.exe
aymmqaf.exe
510417.exe
ubfhs.exe
init.exe
wkfmi.exe
dunyup.exe
jopmu.exe
lkfiud.exe
texb.exe
gyowjn.exe
nrurdu.exe
wsxfp.exe
iqkil.exe
udecylc.exe
rqw.exe
vwva.exe
oell.exe
vowtjs.exe
fbxhs.exe
saiuwwl.exe
ecx.exe
hvccs.exe
fechme.exe
nsxflo.exe
qkjp.exe
ybhl.exe
tdsecfv.exe
pxchj.exe
rqw.exe
jjsrdpce.exe
jodxac.exe
hhqpbnac.exe
ynhkkdc.exe
ndce.exe
jcplfvd.exe
dlnf.exe
jjr.exe
pxkjeg.exe
qqzykwjl.exe
gtksch.exe
vwva.exe
qkjp.exe
lubilbzd.exe
vifpwpdi.exe
ssbamyln.exe
fbxhs.exe
yhovyomq.exe
hvccs.exe
ksum.exe
oell.exe

Remove Backdoor.Tofsee registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ qkjp
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ nsxflo
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ fechme
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ hvccs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ecx
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ saiuwwl
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ fbxhs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ vowtjs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ vwva
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ oell
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ rqw
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ udecylc
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ dunyup
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CU
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.