Print | Send on Yahoo! | PDF version | RSS | Filed Under: HOW TO....

How to remove Trojan.Downloader.Exchanger

Trojan.Downloader.Exchanger is an e-threat that spreads through unsolicited emails (spam). The message tries to trick users into clicking a link which is supposed to present adult rated material with famous stars like Angelina Jolie or Britney Spears.

If they take the bait, the malware will be downloaded an run on the computer.

The purpose of Trojan.Downloader.Exchanger is to download other malware that will either transform the victim's computer into a spam relay or aggressively push infection alerts in order to make them buy fake antivirus software.

In order to detect an Exchanger infection, start Autoruns , browse to the Services tab and search for a "CbEvtSvc" entry which points to %windir%\system32\cbevtsvc.exe. The file name might change slightly, but it's easy to recognize.

In order to remove this malware, follow the steps below:

1. Start Process Explorer
2. Search for CbEvtSvc under the services.exe tree and kill the process.

2.1 if this doesn't work press CTRL+F and search for CbEvtSvc

2.2 click on every handle and close it

2.3 retry killing the process

3. Delete the file from the hard disk
4. Delete the entry in Autoruns

 

 

Information in this article is available courtesy of BitDefender Virus Researchers: Daniel Chipiristeanu and Laura Boeriu

 

Additional notes: this guide is intended for any type of user as long as they follow the exact steps described above. Any damage done to your system as a result of following this guide is your responsibility. Malwarecity.com cannot guarantee a successful removal for any threat version described above.