Full
Name: |
Surila.aw |
| Type: |
Trojan |
| Also Known As: |
Troj/Surila-I(SOPHOS) |
| Danger Level: |
8 |
| Category Description: |
Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software. |
| Official Description: |
Surila.aw is a backdoor trojan. |
| Comment: |
Adds itself into Windows Firewall Authorized application list. This trojan also sends spam mails from the infected computer. |
| |
|
| Properties: |
|
| Manual Removal: |
After scanning with X-Cleaner, follow the below given steps to correct the altered registry keys:
1. Click on Start Menu, select run.
2. Type "regedit" and press enter.
3. Navigate to each of the following keys and
In the right pane, delete the value(by right clicking over it):
"WINRUN" = "msupdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_CURRENT_USER\Software\Microsoft\OLE
HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
4. Navigate to each of the following keys and
In the right pane, delete the value:
"C:\WINDOWS\csrss.exe" = "C:\WINDOWS\csrss.exe:*:Enabled:csrss.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
5. Close Registry Editor.
6. Restart your computer. |
