Usb_magr.exe removal

BitDefender: Backdoor.IRCBot.ACTN

Discovered in August 2009, this is a Backdoor Trojan that enters the computer through removable drives or through the Internet when you download unknown programs. It fools the user by posing as a Serial Bus service and immediately disables the anti-virus or the firewall so that the user does not know what the system is actually going through.

Like several other viruses, this one drops a copy of itself in the "C:\WINDOWS\" directory, from where it is run on every startup. To make sure this happens without fail, the Trojan creates a registry key when it is first run on the system. The Trojan names itself "usb_magr.exe" so that it cannot be recognized among the several bus-related services present. The virus may also inject itself into other processes such as Services.exe, which is a very easy target. To avoid being detected by anti-virus software, the Trojan is encrypted, so the real code inside the virus cannot be easily examined.

Once any removable disk is connected to the computer, a copy of "usb_magr.exe" is created inside the "Recycler" folder of the disk in order to prevent it from being detected easily. Like other pen-drive viruses, this one also creates an autorun.inf containing the code that points to the virus in the Recycler folder.

It creates an opening in the system by pinging a server or a web address from where it can be controlled and the personal information of that system can be updated. The virus also uses this server to update itself, so it needs to be removed immediately to avoid any danger to your computer. The damage this Trojan can do is unpredictable, and it can even cause your computer to crash (if it is updated with that intent). Here are the removal instructions for this Backdoor Trojan.

Manual instructions to remove usb_magr.exe:

  1. Let's get started with the registry editing in order to stop the virus from launching at startup. To do this, it is better to reboot your system in Safe Mode.
  2. Go to Start-->Run and type "regedit". Navigate to the following registry key:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    In the right pane, look for the entry named "Universal Serial Bus device" with the value "usb_magr.exe". If you find it, delete that entry immediately. Delete only this entry, not the Run key itself.

  3. Just to be sure that it is removed from the registry, press Ctrl+F and type the value "usb_magr.exe" in the box. If you find any entry, remove the path of the virus from it and close the registry.
  4. Now go to Start-->Run again, type "Services.msc" and search for the service named "Universal Serial Bus device" with the value "usb_magr.exe". Stop it if you find it running. Open Task Manager and, in the Processes tab, check for the process "usb_magr.exe". End the process immediately if you find it.
  5. Reboot your computer for the changes to take effect. Then, using Windows Explorer, navigate to the "C:\WINDOWS\" folder and delete the file "usb_magr.exe". Also go to "C:\RECYCLER\{directory}" and delete any file that you think is associated with the Trojan.
  6. Restart your computer once again so that the new changes take effect. When the computer starts again, you can enable your anti-virus and firewall. Congratulations! You just got rid of the virus.
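
The description above says that infected removable disks carry an autorun.inf pointing to the copy of the Trojan in the Recycler folder. The following Python sketch is an added example, not part of the original post: it reads the text of an autorun.inf and reports launch entries that point into a Recycler folder or name usb_magr.exe. The sample file content and the directory name in it are constructed for illustration.

```python
import re

# Keys in autorun.inf that cause a program to be launched.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Indicators taken from the description above: the Recycler folder and the file name.
SUSPICIOUS = re.compile(r"(^|[\\/])recycler([\\/]|$)|usb_magr\.exe", re.I)

def launch_targets(text):
    """Return (key, target) pairs from the [autorun] section of autorun.inf text."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or "=" not in line:
            continue                      # skip junk lines outside key=value form
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            targets.append((key.lower(), value.strip('"')))
    return targets

def suspicious_targets(text):
    """Launch entries that point into a Recycler folder or name usb_magr.exe."""
    return [(k, v) for k, v in launch_targets(text) if SUSPICIOUS.search(v)]

# Constructed sample, not a captured file; the S-1-5-21-0 directory name is made up.
SAMPLE = """\
; padding
[AutoRun]
Icon=%SystemRoot%\\system32\\shell32.dll,7
open=RECYCLER\\S-1-5-21-0\\usb_magr.exe
shell\\open\\Command = "RECYCLER\\S-1-5-21-0\\usb_magr.exe"
shell\\explore\\command=explorer.exe
"""
BENIGN = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"

if __name__ == "__main__":
    for key, target in suspicious_targets(SAMPLE):
        print(f"suspicious {key} -> {target}")
```

To check a real disk, pass the contents of its autorun.inf to `suspicious_targets()` instead of `SAMPLE`.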
