Trojan Adwaheck Remover 

Trojan.Adwaheck acts as both Adware and backdoor Trojan. It has infection length of 48,506 bytes. This represents the size of viral code in bytes, which is inserted by the virus into a program. The size of the file is represented by the infection length.

The operating systems such as Windows 3.x, Windows 98, Windows Me, Windows NT, Windows 2000 and Windows XP are vulnerable to a threat. Whereas Trojan.Adwaheck is not able to affect Linux, Macintosh, Microsoft IIS and UNIX operating systems.

It does following things when run:
A) Creates the value:
"%Trojan_filename_without_extension%"="%Trojan_filename%" in the registry key:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

so that the Trojan will strat when you start or restart Windows.

B) It installs a VBScript from its body, adds a code, which initializes several internal variables. Then it executes that script.

C) It adds signature in the displayed HTML pages. For example, the signature can contain the words: hckdw2003*, 1.154.100.135 and the name of the executable that was run.

D) It checks for open Web browser windows and inspects the opened Web sites. If checks for the following search sites :

google.com, yahoo.com, search.msn.com, s.teoma.com, search.aol.com, altavista.com, web.ask.com, msxml.infospace.com/home/search

If it gets one of search sites, it redirects the search request to hard coded link.

E) This Trojan is very advanced. It submits a request to a remote web site and analyses the reply. The reply contain backdoor commands that allow the Trojan to query the hard-coded URLs and check whether an updated version is available. If it finds a new version then Trojan.Adwaheck will retrieve it, save it using the file name contained in the backdoor command, and then run it.

It also manages to redirect the requested URLs.

Tips To Protect Computer From Trojan Attacks 

• Thoroughly scan the software to be downloaded.

•  Do not open emails with suspicious attachments.

•  Isolate the infected computers from the network to avoid further damage.

• The file attachments such as vbs, .bat, .exe, .pif and .scr are more like to spread the virus threats to avoid this configure your email server to block or remove email that contains these file attachments.

• Completely turn off the system and remove unwanted auxiliary services, which are loaded by default along with operating sysems, such as FTP server, telnet, and a Web server. These services make the machine more vulnerable for Trojan attacks.

• Regularly update the patch.

• Use reputed antivirus programs such as Symantec and Norton.

• Use firewall.

• Change the passwords with regular intervals and select complex passwords.

Steps to remove the Trojan

a) Disable System Restore (Windows Me/XP). It depends upon which operating system do you use. If you are using Windows Me or Windows XP OS, it is recommended to turn off System Restore since Windows Me/XP uses this feature, it is enabled by default, It will restore the files on your computer in case they are damaged. If a virus or Trojan infects a computer, System Restore may back up the virus or Trojan on the computer. Since Windows prevents outside programs, including antivirus programs, to modify System Restore, antivirus programs or tools cannot remove threats in the System Restore folder. It results in restoring an infected file on your computer. Despite of virus scan the threat remains in the System Restore folder. To avoid it disable System Restore.

b) Update the virus definitions. Update the virus definitions regularly using Norton or Symantec anti-virus program.

c) Run a full system scan and delete all the files detected as Trojan.Adwaheck.

Scan with Norton or Symantec antivirus program. Run a full system scan and delete the files infected with Trojan.Adwaheck. d) Delete the value that was added to the registry. *Click Start, and then click Run. (The Run dialog box appears.)

• Type regedit

• Click OK. (The Registry Editor opens.)

• Navigate to the key:

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun

• In the right pane, delete any value that refers to any file detected as Trojan.Adwaheck.

• Exit the Registry Editor.

With these steps, you will be able to remove Trojan.Adwaheck.

Run the reputed antivirus programs such as Symantec AntiVirus and Norton AntiVirus to detect and remove the Trojan.

Subscribe to "COMPTECH" ezine to get the latest news and updates on Windows Vista.

Enter your E-mail Address Enter your First Name (optional) Then Don't worry -- your e-mail address is totally secure. I promise to use it only to send you Mindpc.