For HomeFor BusinessFor Partners
How to
1 min read

How to remove Trojan.Downloader.Exchanger

Bogdan BOTEZATU

November 24, 2008

Promo Protect all your devices, without slowing them down.
Free 30-day trial
How to remove Trojan.Downloader.Exchanger

If
they take the bait, the malware will be downloaded an run on the computer.

The
purpose of Trojan.Downloader.Exchanger is to download other malware that will
either transform the victim’s computer into a spam relay or aggressively push
infection alerts in order to make them buy fake antivirus software.

In
order to detect an Exchanger infection, start Autoruns ,
browse to the Services tab and search for a “CbEvtSvc” entry which points to
%windir%system32cbevtsvc.exe. The file name might change slightly, but it’s
easy to recognize.

In
order to remove this malware, follow the steps below:

  1. Start Process Explorer
  2. Search for CbEvtSvc under
    the services.exe tree and kill the process.

2.1
if this doesn’t work press CTRL+F and search for CbEvtSvc

2.2
click on every handle and close it

2.3
retry killing the process

  1. Delete the file from the
    hard disk
  2. Delete the entry in Autoruns

 

Exchanger PE

 

Information in
this article is available courtesy of BitDefender Virus Researchers: Daniel
Chipiristeanu and Laura Boeriu

 

Additional notes: this guide is intended
for any type of user as long as they follow the exact steps described above.
Any damage done to your system as a result of following this guide is your
responsibility. hotforsecurity.com cannot guarantee a successful removal for any
threat version described above.

tags

How to

Author

Bogdan BOTEZATU

Bogdan BOTEZATU

Bogdan is living his second childhood at Bitdefender as director of threat research.

View all posts

Right now Top posts

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide
Scam Spam

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide

April 19, 2024

5 min read
Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
Scam How to Tips and Tricks

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond

April 01, 2024

2 min read
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
Spam Industry News Threats

Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts

November 28, 2023

4 min read
Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting
Protecting Your Important How to Tips and Tricks

Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting

November 08, 2023

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

City street lights "misbehave" after ransomware attack
Industry News

City street lights "misbehave" after ransomware attack
Graham CLULEY

April 24, 2024

2 min read
13 People Involved in Spyware Banned from Crossing US Borders
Industry News

13 People Involved in Spyware Banned from Crossing US Borders
Filip TRUȚĂ

April 24, 2024

2 min read
GitHub Flaw Could Allow Threat Actors to Distribute Malware on GitLab
Industry News

GitHub Flaw Could Allow Threat Actors to Distribute Malware on GitLab
Vlad CONSTANTINESCU

April 24, 2024

2 min read

Bookmarks

loader