If they take the bait, the malware will be downloaded and run on the computer.
The purpose of Trojan.Downloader.Exchanger is to download other malware that will
either transform the victim’s computer into a spam relay or aggressively push
infection alerts in order to make them buy fake antivirus software.
In order to detect an Exchanger infection, start Autoruns,
browse to the Services tab and search for a “CbEvtSvc” entry which points to
%windir%\system32\cbevtsvc.exe. The file name might change slightly, but it’s
easy to recognize.
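
A read-only PowerShell check for the same indicator, as an added example that is not part of the original article or any BitDefender tool. The function names and the threshold of 2 character edits for a "slightly changed" name are assumptions, and the sample objects are constructed.

```powershell
# Added example: find services resembling the Exchanger "CbEvtSvc" entry.
# Assumption: a "slightly changed" name is within 2 character edits of "cbevtsvc".
$Indicator = 'cbevtsvc'
$MaxEdits  = 2

function Get-EditDistance {
    param([string]$A, [string]$B)
    # Levenshtein distance, case-insensitive, keeping only the previous row.
    $A = $A.ToLower(); $B = $B.ToLower()
    $prev = @(0..$B.Length)
    for ($i = 1; $i -le $A.Length; $i++) {
        $cur = New-Object int[] ($B.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -eq $B[$j - 1]) { 0 } else { 1 }
            $best = [Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$B.Length]
}

function Test-ExchangerService {
    param($Service)
    # PathName can be quoted and carry arguments; keep only the .exe base name.
    $exe = ''
    if ($Service.PathName -match '([^\\/"]+?)\.exe') { $exe = $Matches[1] }
    foreach ($candidate in @($Service.Name, $exe)) {
        if ($candidate -and (Get-EditDistance $candidate $Indicator) -le $MaxEdits) {
            return $true
        }
    }
    return $false
}

# Constructed sample objects (not real captures): exact match, renamed variant, benign.
$sample = @(
    [pscustomobject]@{ Name = 'CbEvtSvc';  PathName = 'C:\WINDOWS\system32\cbevtsvc.exe' }
    [pscustomobject]@{ Name = 'CbEvtSvc1'; PathName = '"C:\WINDOWS\system32\cbevtsvc1.exe"' }
    [pscustomobject]@{ Name = 'Spooler';   PathName = 'C:\WINDOWS\system32\spoolsv.exe' }
)
$sample | Where-Object { Test-ExchangerService $_ } | Select-Object Name, PathName

# Live host: same test over the installed services (reads only, changes nothing).
Get-CimInstance Win32_Service | Where-Object { Test-ExchangerService $_ } |
    Select-Object Name, State, ProcessId, PathName
```

Matches are candidates to confirm in Autoruns; the ProcessId column identifies the process to look for under the services.exe tree in Process Explorer.
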
In order to remove this malware, follow the steps below:
- Start Process Explorer
- Search for CbEvtSvc under the services.exe tree and kill the process.
  - If this doesn’t work, press CTRL+F and search for CbEvtSvc
  - Click on every handle and close it
  - Retry killing the process
- Delete the file from the
- Delete the entry in Autoruns
This article is available courtesy of BitDefender Virus Researchers: Daniel
Chipiristeanu and Laura Boeriu.
Additional notes: this guide is intended
for any type of user as long as they follow the exact steps described above.
Any damage done to your system as a result of following this guide is your
responsibility. hotforsecurity.com cannot guarantee a successful removal for any
threat version described above.