Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Shows commercial adverts
  • Strange toolbar installed without Your permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Trojan.FraudPack

Trojan.FraudPack is a vehicle for the distribution of well-known and highly despised rogue antispyware software. This Trojan carries the malicious Antispyware PRO XP. It is distributed online in a variety of ways, most notably through spam emails and infected websites which make use of drive-by download tactics. It will not alert the user to its presence, and will even disable all installed security software on the system in an effort to prevent itself from being discovered and removed. As a subsequent result of the harmful malware this Trojan carries, the user can expect to suffer various crippling and annoying symptoms from the malware delivered into the system by this Trojan. This includes being unable to connect to the Internet, not being able to run applications on the infected PC, and increased erratic system behavior. What is worse, this malware consumes so many valuable system resources that it will cause your system to operate severely poorly. This is why you MUST remove Trojan.FraudPack.

It was found that Trojan.FraudPack has alias names, including Trojan:W32/Fraudpack and Trojan.Win32.FraudPack.gen. Unfortunately, it is likely that several different versions of this malware exist, which makes this malware quite unpredictable. It is possible that Antispyware PRO XP is not the only infection that can be unleashed by this Trojan. Our research suggests that other rogue AV tools could be employed as well. Although this Trojan is usually associated with rogue malware removers, it is possible that it could be used for the infiltration of other infections as well. Unfortunately, this clandestine Trojan is very secretive, and it can conceal itself. Unless the infections downloaded by this threat give themselves away, you might be unaware that malware exists at all. Some of the files – which you can see listed below – could work as rootkits concealing themselves from detection. Since this Trojan can disable existing security tools (mostly outdated ones), detecting this threat can be a real challenge.

What do you know about Antispyware PRO XP? This fake AV tool is very old, and it is unlikely that it is a threat to computer users anymore. Nevertheless, we can guarantee you that if this AV corrupts your operating system, you need to delete it as soon as possible. This rogue was designed to convince you that you need to purchase a fake security tool to remove fake security threats. Here is an example of a bogus pop-up notification that this ridiculous security tool can introduce you to.

Spyware alert!
Vulnerabilities found
Your computer is infected by spyware – [number] serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate Realtime secure protection against future instructions.
Upgrade to full version of Antispyware PRO XP security kit to clean your computer and prevent new security and privacy attacks.

If you follow the “recommendations” of this fictitious security tool, it won’t be long before you disclose personal information (e.g., full name, credit card details) and make a worthless transaction. This rogue might pretend to remove infections; however, it is just another trick to ease your mind. If you do not recognize the scam even after you pay money, you will leave your operating system open to other infections that Trojan.FraudPack could download onto your operating system. In fact, third-party malware could have already entered your operating system without any warning. The Trojan itself could have been downloaded by other infections, and it is very difficult to say how many threats are currently running on your operating system. The easiest way for you to realize which threats and how many of them are active on your computer is by running a legitimate malware scanner.

Have you scanned your operating system? How many threats run along with Trojan.FraudPack? It is essential that you delete all active threats before they cause more damage than they already have. We advise trusting automated malware detection and removal software to eliminate malware from your operating system because it can guarantee success. After all, you need to install reliable security software to protect your operating system in the future, so why not install an anti-malware tool right now and have all of your security problems solved simultaneously? If you think you are ready to tackle all existing threats manually, start by identifying them. The list below shows which files you need to remove in order to delete Trojan.FraudPack. The task that most users struggle with is the removal of registry keys. Follow the guide below to learn how to clean the Windows Registry.

Remove Trojan.FraudPack registry keys

  1. Launch RUN by tapping Win+R keys on your keyboard.
  2. Type regedit.exe and click OK.
  3. Right-click the tool and choose Run as administrator.
  4. Click the Edit tab and click Find.
  5. Find and Delete these keys:
    • {BB28A003-32B3-F829-C4BC-F13F7CDC1FFD}
    • {ABD42510-9B22-41cd-9DCD-8182A2D07C63}
    • {ABD42510-9B22-41cd-9DCD-8182A2D07C63}
    • {ABC42510-9B22-41c1-9DCD-8182A2D07C63}
    • {ABD45510-9B22-41cd-9ACD-8182A2DA7C63}
    • {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}
    • {A77D3539-581D-450C-9E44-A84C415A6172}
  6. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\.
  7. Right-click and Delete these values: 18552814, 17170004, and 32439686185494356466812044125310.
Download Spyware Removal Tool to Remove* Trojan.FraudPack
  • Quick & tested solution for Trojan.FraudPack removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.FraudPack

Files associated with Trojan.FraudPack infection:

odbns.exe
asam.exe
3F.tmp
rjvjlsvw.exe
MSASCui.exe
laensftav.exe
cbsd.exe
cmkisftav.exe
fbabj220320.exe
wscsvc32.exe
settdebugx.exe
~33.dll
win32extension.dll
5247.exe
video207.cfg.exe
a.exe
2E1.tmp.exe
lizkavd.exe
iehelpmod.dll
svchast.exe
shell32.dll
msh.exe
b.exe
msxmlm.dll
shkbubrhkk.dll
NetFilter.exe
av2009.exe
TckBX673.exe
av2[1].exe
f.exe
17170004.exe
18552814.exe
1000[1].exe
iehelper.dll
frmwrk32.exe
42w2bbrv.exe
~tmpad.exe
~tmpc.exe
msxml71.dll

Trojan.FraudPack DLL's to remove:

~33.dll
win32extension.dll
iehelpmod.dll
shell32.dll
msxmlm.dll
shkbubrhkk.dll
iehelper.dll
msxml71.dll

Trojan.FraudPack processes to kill:

odbns.exe
SearchSettingsProtection.exe
asam.exe
rjvjlsvw.exe
MSASCui.exe
laensftav.exe
cbsd.exe
cmkisftav.exe
fbabj220320.exe
wscsvc32.exe
settdebugx.exe
5247.exe
video207.cfg.exe
a.exe
2E1.tmp.exe
lizkavd.exe
svchast.exe
msh.exe
b.exe
NetFilter.exe
av2009.exe
TckBX673.exe
av2[1].exe
f.exe
17170004.exe
18552814.exe
1000[1].exe
frmwrk32.exe
42w2bbrv.exe
~tmpad.exe
~tmpc.exe

Remove Trojan.FraudPack registry entries:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 32439686185494356466812044125310
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Monopod
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ NordBull
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ settdebugx.exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Somefox
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{60242C4F-F730-44B0-8440-F59C489C0219}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{9ED3EB90-FB3D-430C-B54F-8A2D5F03AE3B}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{A77D3539-581D-450C-9E44-A84C415A6172}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{B1D3576A-CA42-4D09-83C1-15D563C19D71}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{F9724685-E158-42E4-AF50-F613AA2D8BCF}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{500BCA15-57A7-4eaf-8143-8C619470B13D}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 17170004
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 18552814
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 21109
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ asam
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ InstalarProject1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ objsvkml
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ realtecs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ vshnnwvc
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntiPol
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABC42510-9B22-41c1-9DCD-8182A2D07C63}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD45510-9B22-41cd-9ACD-8182A2DA7C63}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}
RUNNING PROGRAM\b.exe
RUNNING PROGRAM\cbsd.exe
RUNNING PROGRAM\explorer.exe
RUNNING PROGRAM\lizkavd.exe
RUNNING PROGRAM\MSASCui.exe
RUNNING PROGRAM\NetFilter.exe
RUNNING PROGRAM\wscsvc32.exe
{ABD42510-9B22-41cd-9DCD-8182A2D07C63}
{BB28A003-32B3-F829-C4BC-F13F7CDC1FFD}
Disclaimer

Comments

  1. K Sep 16, 2009

    Directions would be nice... especially for us computer illiterates!

  2. Jalee Mar 9, 2010

    Yehh, I agree..

  3. goranhozic May 23, 2010

    thanks!

  4. NONE Jun 23, 2010

    OMG there is a removal tool right on the darn page.

  5. Thanh Jun 30, 2010

    Anyone know what the "f" are Dk1.exe and Dcymea.exe They look like malware

  6. john Oct 19, 2010

    This has worked wonderfully. Thanks A LOT!!!

  7. JM Jul 8, 2011

    REMOVAL TOOL WHERE ON THE PAGE?

  8. Pcthreat Jul 20, 2011

    JM,

    Download the infection scanner, which is just after the Trojan.FraudPack description.

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.