Friday, March 21, 2014

Help Yourself Get Rid of Win64:Bot-A [Trj]

Complaints about Win64:Bot-A [Trj]:

Case one: Help!  I'm on a PC, Windows 8.1, 64 bit OS and just the other day, I kept getting pop ups every 30 seconds that there was a threat detected of rsa64.dll file.  I've done full scans, even downloaded Malwarebytes Anti-malware and both quick and full scans on Avast do not reveal the infection.  And yet I look at the quarantine folder and there the files are.  And when I'm on the desktop mode, it keeps flashing right before the pop up for threat detected comes up.  Help?

Case two: Hi, I'm getting warnings every 5 sec by Avast saying that this file: C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll (or these files: C:\ProgramData\Microsoft\Crypto\RSA64\temp\* ) are infected by said Trojan Win64:Bot-A [Trj]. I'm running win 8 64. I am unable to download Malwarebytes' Anti-Malware.
Can somebody help / give a hint? Many thanks!

How harmful is Win64:Bot-A [Trj]?

Win64:Bot-A [Trj] is a malicious Trojan horse which will destroy the operating system gradually. After being infected with Win64:Bot-A [Trj], computer users may encounter a lot of computer problems, such as poor running speed, Windows freezes and even system crashes. To protect itself from being removed by antivirus software, Win64:Bot-A [Trj] modifies the registry entries and files stored in the system and mutates frequently to add new characteristics.

To completely get rid of the Win64:Bot-A [Trj] Trojan horse, you have to find all the malicious files and registry entries, and then delete all of them. Follow the video and the manual removal guide below to remove this virus as soon as possible.

Step-by-step guide to remove Win64:Bot-A [Trj]:

Step 1: Start your PC in Safe Mode with Networking.
Restart your computer. As your computer restarts but before Windows launches, tap the "F8" key constantly. Use the arrow keys to highlight the "Safe Mode with Networking" option, and then press ENTER.


Step 2: Stop all processes that are related to this computer virus.
Press the Windows+R keys together. In the dialog box that pops up, type taskmgr and click OK.

Terminate all the malicious processes in the Windows Task Manager.


Step 3: Disable any suspicious startup items that are made by infections.
Click the Start menu; type msconfig in the search bar; open the System Configuration Utility; disable all possible startup items generated.

Step 4: Show all hidden files and clean all the malicious files related to this virus.
Click the Start button and choose Control Panel, then click Appearance and Personalization, find Folder Options and double-click it.

In the pop-up dialog box, click the View tab and uncheck Hide protected operating system files (Recommended).

Clean all the malicious files related to this computer virus, as listed below.
%AppData%\<random>.exe
%CommonAppData%\<random>.exe
%temp%\<random>.exe
C:\Program Files\<random>
C:\Windows\Temp\<random>.exe

Step 5: Remove all the malicious registry entries as follows:
Open Registry Editor by pressing the Windows+R keys together, typing regedit, and then pressing Enter.

Find all harmful registry entries of the virus and delete all of them.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>" = "%AppData%\<random>.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "<random>" = "%AppData%\<random>.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
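
The registry locations from Step 5 can be reviewed before anything is deleted by hand. The PowerShell script below is an added example, not part of the original guide or of any removal tool: it only reads the two Run keys and the two policy values listed above and flags Run entries whose program sits in one of the folders named in Step 4. The function names Get-RunEntry and Get-PolicyValue are hypothetical, and treating %CommonAppData% as $env:ProgramData is an assumption.

```powershell
# Added example: read-only audit of the registry locations listed in Step 5.
# It changes nothing; review each flagged entry before deleting it in Regedit.
# Folders the guide names as drop locations in Step 4 (assumed mapping to variables).
$suspectDirs = @($env:APPDATA, $env:ProgramData, $env:TEMP, "$env:SystemRoot\Temp") |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-RunEntry {
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # Expand %AppData%-style variables so the path can be compared.
            $command = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
            if (-not $command) { continue }
            # Pull the executable path out of a quoted or unquoted command line.
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            else { $exe = $command }
            $dir = $suspectDirs | Where-Object { $exe.StartsWith($_ + '\', [StringComparison]::OrdinalIgnoreCase) }
            [pscustomobject]@{
                Key = $path; Name = $name; Command = $command
                InSuspectDir = [bool]$dir
                FileExists = Test-Path -LiteralPath $exe -PathType Leaf
            }
        }
    }
}

function Get-PolicyValue {
    param([string]$KeyPath, [string]$Name)
    $props = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    $value = if ($props) { $props.$Name } else { '<not set>' }
    [pscustomobject]@{ Key = $KeyPath; Name = $Name; Value = $value }
}

$base = 'Software\Microsoft\Windows\CurrentVersion'
Get-RunEntry -KeyPath "HKCU:\$base\Run", "HKLM:\$base\Run" |
    Sort-Object InSuspectDir -Descending | Format-Table -AutoSize -Wrap

# The two policy values from Step 5. LowRiskFileTypes containing .exe and
# SaveZoneInformation = 1 both weaken the warnings shown for downloaded files.
@(Get-PolicyValue "HKCU:\$base\Policies\Associations" 'LowRiskFileTypes'
  Get-PolicyValue "HKCU:\$base\Policies\Attachments" 'SaveZoneInformation') | Format-List
```

Entries with InSuspectDir set to True are the ones to compare against the "<random>" patterns above; legitimate software also starts from %AppData%, so check the file itself before removing its entry.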

Video on how to remove Trojan horse:


If the manual guide is kinda difficult for you, please feel free to download automatic removal tool SpyHunter to drive the self-invited guest away.

Method two: Automatically remove Win64:Bot-A [Trj] with SpyHunter antivirus software:

Step 1: Click the icon below to download the automatic removal tool SpyHunter.

http://www.pcresolvers.com/spyhunter.php

Step 2: Follow the instructions to install SpyHunter.

Step 3: Run SpyHunter to automatically detect and uninstall OffersWizard.


Summary: Because Win64:Bot-A [Trj] keeps changing its characteristics, you cannot be too careful in distinguishing the harmful files and registry entries from the system files and registry entries. If you have spent too much time removing Win64:Bot-A [Trj] manually and still have not made any progress, you can download and install the SpyHunter antivirus software here to remove Win64:Bot-A [Trj] automatically.

1 comment:

Unknown said...

Everything is fixed! You guys are so amazing. I should have contacted you earlier. I have wasted quite a long time in doing this by myself. If I have PC problems in future, I will definitely come to you again. Thank you again.
