jdsfjsdijf.exe (Trojan/virus)
• Avira: TR/Spy.SpyEyes.dqg
• Kaspersky: Trojan-Spy.Win32.SpyEyes.dqg
• Microsoft: Trojan:Win32/Meredrop
• Panda: Suspicious file
• AhnLab: Spyware/Win32.SpyEyes
• Ikarus: Trojan-Spy.Win32.SpyEyes
This Trojan can run on any version of Windows, including Windows 7. It was designed so that it doesn't hide itself in the system folders of the computer. Instead, it creates its own hidden folder directly on the drive and launches its process from that directory. On its own, this makes the Trojan very easy to detect, so it could be deleted in a flash. To make removal difficult, the developer made the Trojan inject itself into all the Windows processes that are currently running on the system. So when you try to delete it with the normal delete function, an error message pops up saying that the file is currently being used by a process. The virus also targets the security settings of Windows, thus gaining permission to run as a separate process.
While it runs, the Trojan acts as a keylogger, i.e., it records all the keystrokes typed on the system. These keystrokes are saved in a file which can be sent to a particular server by connecting through a port on the computer. It mainly targets Internet Explorer, changing several settings through registry modification. After these modifications, the Trojan can successfully connect to the remote server to which the saved key logs are sent. The code of the Trojan is packed and encrypted so that it is not easily detected when it enters the target's computer. It must be removed as early as possible, since an update of its code can give it complete access to all the saved files on your computer. Follow the instructions given below to delete this virus.
Manual instructions to delete jdsfjsdijf.exe:
- Begin by rebooting the system in Safe Mode. In Safe Mode, the Trojan will not be able to launch its own process.
- The Trojan may still be running as an embedded process inside other Windows processes, so deleting it directly from its folder might not actually help. Go to Start --> Run and type
regedit
to open the Registry Editor. Navigate to the following locations and change the values. This procedure is quite long and is optional for people who don't use Internet Explorer.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Here, make sure the entries are the same as shown below. If not, change them.
• "EnableHttp1_1"=%user defined settings%
• "ProxyHttp1.1"=%user defined settings%
• "WarnOnPost"=%user defined settings%
• "WarnOnPostRedirect"=%user defined settings%
• "WarnOnIntranet"=%user defined settings%
• "MigrateProxy"=%user defined settings%
• "ProxyEnable"=%user defined settings%
• "ProxyServer"=%user defined settings%
• "ProxyOverride"=%user defined settings%
• "AutoConfigURL"=%user defined settings%
Now go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
Change the registry values to the ones shown below:
• "1409"=dword:0
• "1609"=dword:1
• "1406"=dword:0
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
Change the registry values to the ones shown below:
• "1409"=dword:0
• "1609"=dword:1
• "1406"=dword:1
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
Change the registry values to the ones shown below:
• "1409"=dword:0
• "1609"=dword:1
• "1406"=dword:0
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Change the registry values to the ones shown below:
• "1409"=dword:0
• "1609"=dword:1
• "1406"=dword:3
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
Change the registry values to the ones shown below:
• "1409"=dword:0
• "1609"=dword:1
• "1406"=dword:3
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
Change the registry values to the ones shown below:
• "1406"=dword:1
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
Change the values to the ones shown below:
• "1406"=dword:00000000
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
Change the values to the ones shown below:
• "1406"=dword:3
Go to the location
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
Change the values to the ones shown below:
• "1406"=dword:3
Go to the location
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
Change the values to the ones shown below:
• "ProxyEnable"=dword:00000000
- Now that the Internet Explorer settings have been restored, it's time to remove the Trojan from the registry completely. Go to the following location
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Delete the entry containing the value
• "jdsfjsdijf.exe"="C:\\jdsfjsdijf.exe\\jdsfjsdijf.exe"
As mentioned earlier, the Trojan might inject itself into other Windows processes, so we'll have to search for the Trojan in the Registry. To do so, press Ctrl + F and type the word
jdsfjsdijf.exe
in the Find box. Whenever a key is found, remove only the value
C:\jdsfjsdijf.exe\jdsfjsdijf.exe
from each key and save it back. Repeat this until you get zero results. Restart your computer again in Safe Mode after you're done.
- Now, the deletion process gets simple. Open the Command Prompt by typing
cmd
in the Run box. After the Command Prompt opens, type
cd\
to go to the C: drive. When you're there, type
attrib -r -a -s -h jdsfjsdijf.exe
to remove the attributes. After that, type
del jdsfjsdijf.exe
to delete the Trojan. If you're getting an error message, try using
rmdir [tab_button]
to delete the complete directory.
- Sit back and relax. Your computer is safe from the Trojan.
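To confirm the cleanup, the registry values from the steps above can be checked in one pass. The script below is an added example, not part of the original post: it only reads the registry, the key paths, expected values and file name are copied from the article, and the variable and function names are illustrative.

```powershell
# Read-only audit of the registry values named in the steps above; changes nothing.
$ie     = 'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
$hkcc   = 'Registry::HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings'
$run    = 'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$sample = 'jdsfjsdijf.exe'   # file and folder name given in the article

# Expected DWORD data per key, copied from the article.
$expected = @{
    "$ie\Zones\0"          = @{ '1409' = 0; '1609' = 1; '1406' = 0 }
    "$ie\Zones\1"          = @{ '1409' = 0; '1609' = 1; '1406' = 1 }
    "$ie\Zones\2"          = @{ '1409' = 0; '1609' = 1; '1406' = 0 }
    "$ie\Zones\3"          = @{ '1409' = 0; '1609' = 1; '1406' = 3 }
    "$ie\Zones\4"          = @{ '1409' = 0; '1609' = 1; '1406' = 3 }
    "$ie\Lockdown_Zones\1" = @{ '1406' = 1 }
    "$ie\Lockdown_Zones\2" = @{ '1406' = 0 }
    "$ie\Lockdown_Zones\3" = @{ '1406' = 3 }
    "$ie\Lockdown_Zones\4" = @{ '1406' = 3 }
    $hkcc                  = @{ 'ProxyEnable' = 0 }
}

function Get-Values($path) {
    # Returns the key's values, or $null when the key is missing or empty.
    Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
}

$findings = @()
foreach ($key in ($expected.Keys | Sort-Object)) {
    $props = Get-Values $key
    foreach ($name in $expected[$key].Keys) {
        $found = if ($props) { $props.$name } else { $null }
        if ($found -ne $expected[$key][$name]) {
            $findings += "MISMATCH $key\$name expected=$($expected[$key][$name]) found=$found"
        }
    }
}

# Any Run entry whose name or data still mentions the file is a leftover.
$skip = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$runProps = Get-Values $run
if ($runProps) {
    foreach ($p in $runProps.PSObject.Properties) {
        if ($skip -notcontains $p.Name -and "$($p.Name)=$($p.Value)" -like "*$sample*") {
            $findings += "RUN ENTRY $($p.Name)=$($p.Value)"
        }
    }
}
if ([System.IO.Directory]::Exists("C:\$sample")) { $findings += "FOLDER C:\$sample still present" }

# Proxy values are user-defined in the article, so print them for manual review.
$proxy = Get-Values $ie
'ProxyEnable','ProxyServer','ProxyOverride','AutoConfigURL' | ForEach-Object { "REVIEW $_ = $($proxy.$_)" }
if ($findings) { $findings } else { 'No deviations from the listed values.' }
```

Run it as the affected user, since HKCU is per-user; a missing key or value is reported as a mismatch with an empty `found`.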
Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry, Enable Hidden files and folders option and Enabling the Command Prompt.