Danger level 7
Type: Backdoors
Common infection symptoms:
  • Changes background
  • Shows commercial adverts
  • Normal system programs crash immediately
  • Slow internet connection
  • Can't change my homepage
  • Slow Computer
  • Connects to the internet without permission
  • Installs itself without permissions
Other mutations known as:
Backdoor.Tofsee.D

Backdoor.Tofsee

Backdoor.Tofsee is a generic detection for a large group of backdoor Trojans distributed as UPX-packed executable files. The family has many components that work together to increase traffic for certain websites. They are also responsible for spamming infected users with spam emails. Some components of the Backdoor.Tofsee family infect the system only to load the main infections. For example, Backdoor:Win32/Tofsee.I infects the target system to load it with Backdoor:Win32/Tofsee.F. The latter backdoor connects to the Internet behind your back by using an HTTP proxy. Once the connection to a remote server is established, Backdoor.Tofsee communicates with its creator and receives commands on what to do next; usually it generates and sends out spam email messages.

So that Backdoor.Tofsee can function immediately, the malware modifies the Windows Registry upon infection. The modifications make sure that the backdoor runs automatically whenever Windows starts. When Backdoor.Tofsee runs, it lowers or completely disables Internet security settings to make use of your broadband. It bypasses your Windows Firewall by adding itself to the "trusted program" list. This way Backdoor.Tofsee can make use of your Internet connection to send you spam email messages.
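The two changes described above, an autostart entry in the registry and an entry in the firewall's trusted-program list, can be audited together. The PowerShell below is an added example, not part of the original page or of any vendor tool; it assumes the autostart lives under the standard `Run` keys and that the NetSecurity cmdlets (Windows 8 / Server 2012 and later) are available, and its "unsigned" and "user-writable directory" checks are generic heuristics, not Tofsee signatures.

```powershell
# Added example: correlate Run-key autostarts with Windows Firewall allow rules.
# The signature and directory checks are generic heuristics chosen for this example.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-ExePath([string]$CommandLine) {
    # Executable part of a Run value: quoted path, else up to the first known extension.
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $p = ($c.Trim() -split '\s+')[0]
    if ($c -match '^\s*"([^"]+)"') { $p = $Matches[1] }
    elseif ($c -match '^\s*(.+?\.(exe|com|scr|bat|cmd))(\s|$)') { $p = $Matches[1] }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    if ($p -and $p -notmatch '^([A-Za-z]:|\\\\)') {
        $found = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($found) { $p = $found.Path }
    }
    return $p
}

# Program paths covered by an enabled Allow rule (the "trusted program" list).
$allowed = Get-NetFirewallRule -Enabled True -Action Allow |
    Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -and $_.Program -ne 'Any' } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Program) }

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-ExePath ([string]$item.GetValue($name))
        $sig = 'FileMissing'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
        }
        [pscustomobject]@{
            Name          = $name
            Path          = $exe
            Signature     = $sig
            UserWritable  = $exe -match '\\(AppData|Temp|ProgramData|Users\\Public)\\'
            FirewallAllow = $allowed -contains $exe
        }
    }
}

# Review anything unsigned, missing, in a user-writable directory, or firewall-allowed.
$findings |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserWritable -or $_.FirewallAllow } |
    Format-Table Name, Path, Signature, UserWritable, FirewallAllow -AutoSize
```

An autostart entry that is both unsigned and covered by a firewall allow rule is the combination this page describes; legitimate software can trip any single column, so treat the output as a review list rather than a verdict.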

Aside from sending out spam messages, Backdoor.Tofsee could also be used to conduct distributed denial of service attacks. Since this infection opens a backdoor in your system and modifies your Firewall settings, your system automatically becomes vulnerable to other possible infections. Unfortunately, Backdoor.Tofsee does not have any specific infection symptoms, so you might not realize you are infected before it is too late. Therefore, it is highly recommended that you perform regular system scans with a reliable antimalware scanner (like SpyHunter) to prevent dangerous infections.

In order to remove Backdoor.Tofsee from your computer, you should invest in a legitimate computer security program to terminate the infection automatically. Malware backdoor removal is not recommended unless you are a computer expert and you know exactly what you are doing.


How to manually remove Backdoor.Tofsee

Files associated with Backdoor.Tofsee infection:


Backdoor.Tofsee processes to kill:


Remove Backdoor.Tofsee registry entries:
