Remove Feebs.b. Description and removal instructions

 
Title: Feebs.b

Type: Worms
Severity scale: 70 / 100
 
Feebs.b is a rapidly spreading Internet worm that propagates by e-mail in messages with malicious attachments and through file sharing networks using popular peer-to-peer applications. The user can accidentally infect a computer by opening an infected e-mail attachment or by downloading the parasite as a purportedly useful program.

Once executed, Feebs.b displays a fake logon prompt, installs itself to the system and runs a spreading routine. The worm sends malicious letters to all the addresses it finds on the compromised computer. It also creates infected files with meaningful names in the shared folders of installed peer-to-peer programs.

The parasite's payload consists of several harmful functions. Feebs.b collects sensitive user information, including various passwords, account details and e-mail addresses, and uploads it to a predetermined FTP server. The worm terminates running antiviruses, firewalls and other security-related programs and prevents them from running on system startup. It also cripples and disables most system services and shuts down the Windows Firewall. Furthermore, Feebs.b may run a hidden web server used to spread the infection. The parasite uses an integrated rootkit component, which injects malicious code into all active processes in order to block access to the worm's files.

Feebs.b automatically runs on every Windows startup.


Related files: command.exe, ms[X1].exe, ms[X2]32.dll, ms[X3], userinit.exe

Feebs.b properties:
• Sends out logs by FTP or email
• Connects itself to the internet
• Hides from the user
• Stays resident in background


Feebs.b manual removal:

Kill processes:
command.exe, ms[X1].exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\[filename]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\web=[site address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[X4]
HKLM\SOFTWARE\Microsoft\MSGW
Unregister DLLs:
ms[X2]32.dll

Delete files:
command.exe, ms[X1].exe, ms[X2]32.dll, ms[X3], userinit.exe
Misc:
[X1], [X2], [X3] and [X4] are four different strings comprised of random characters.
[site address] is an address of a web site on the popcapfree.t35.com domain.

Filenames may vary. Feebs.b creates randomly named registry keys.

Exact file location:
command.exe - C: and C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ms[X1].exe, ms[X2]32.dll, ms[X3] - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Feebs.b drops its copies as several malicious *.zip files. The files can be named as follows:

winamp_7_new!_full+crack.zip
DivX_8.0_new!_full+crack.zip
Internet_Explorer_7_new!_full+crack.zip
ICQ_2007_new!_full+crack.zip
Ahead_Nero_8_new!_full+crack.zip
Microsoft_Office_2006_new!_full+crack.zip
Kazaa_4_new!_full+crack.zip
Vista_Final_new!_full+crack.zip
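
As an added example (not part of the original removal guide), the following Python sketch checks the decoded text of a `reg export` dump and a list of file names for the registry values and bait archive names listed above. The function names and the sample input are constructed for illustration; it only flags entries for review and removes nothing.

```python
import re

# Indicators taken from the removal list above.
FIREWALL_KEY = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\Policies\\Microsoft"
    r"\\WindowsFirewall\\(DomainProfile|StandardProfile)$", re.I)
ACTIVE_SETUP = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup"
                r"\Installed Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}").lower()
IE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer".lower()
BAIT_ZIP = re.compile(r"_new!_full\+crack\.zip$", re.I)

def scan_reg_export(text):
    """Return (key, reason) findings from decoded `reg export` text."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: remember the current key path
            if key.lower() == ACTIVE_SETUP:
                findings.append((key, "Active Setup component listed for Feebs.b"))
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or key is None:
            continue
        name, data = m.group(1).lower(), m.group(2).lower()
        if FIREWALL_KEY.match(key) and name == "enablefirewall" and data == "dword:00000000":
            findings.append((key, "firewall disabled by policy"))
        if key.lower() == IE_KEY and name == "web" and "popcapfree.t35.com" in data:
            findings.append((key, "IE 'web' value points at popcapfree.t35.com"))
    return findings

def bait_archives(names):
    """Return file names that follow the worm's shared-folder naming scheme."""
    return [n for n in names if BAIT_ZIP.search(n)]

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer]
"web"="http://popcapfree.t35.com/"
'''
SAMPLE_FILES = ["Kazaa_4_new!_full+crack.zip", "holiday_photos.zip"]

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG), bait_archives(SAMPLE_FILES))
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `scan_reg_export`.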

Other programs to remove Feebs.b:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 25/12/05
Information updated: 24/04/07
