NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Todnab.b. Description and removal instructions

 
Title: Todnab.b
Type: Worms
Severity scale:Todnab.b severity is 47  (47 / 100)
 
Todnab.b is a worm that spreads through network shares and mapped network drives. Once executed, the parasite installs itself to the system and runs a spreading routine. Then it runs a payload. Todnab.b disables the System Restore service and system settings. The worm runs on every Windows startup.

FORUM:
Discuss Todnab.b in
spyware removal forum

Related files: servlog.exe, svhost.exe

Todnab.b properties:
• Hides from the user
• Stays resident in background

Automatic Todnab.b removal:

remover for Todnab.b

Todnab.b manual removal:

Kill processes:
servlog.exe, svhost.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SRVState_[X]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run\system handler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System=%System%\svhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe %System%\svhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=%System%\userinit.exe,%System%\servlog.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load\%System%\servlog.exe
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun\echo off|%System%\servlog.exe|cls
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun\%System%\svhost.exe /register
HELP:
how to remove registry entries

Delete files:
servlog.exe, svhost.exe
HELP:
how to remove harmful files

Misc:
Todnab.b files can be found in default system directory, which is usually C:\WINDOWS\System32 or C:\WINNT\System32.

Other programs to remove Todnab.b:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 24/11/06
Information updated: 24/11/06

Additional resources related to Todnab.b:

Attention: If you know or you have a website or page about Todnab.b removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Todnab.b parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.