jdsfjsdijf.exe (Trojan/virus)

• Avira: TR/Spy.SpyEyes.dqg
• Kaspersky: Trojan-Spy.Win32.SpyEyes.dqg
• Microsoft: Trojan:Win32/Meredrop
• Panda: Suspicious file
• AhnLab: Spyware/Win32.SpyEyes
• Ikarus: Trojan-Spy.Win32.SpyEyes


This is a particularly capable Trojan that runs on any version of Windows, including Windows 7. Unlike most malware, it was designed not to hide in the Windows system folders: it creates its own hidden folder directly in the root of the drive and launches its process from there. On its own, that choice makes the Trojan very easy to detect and delete in a flash. To make removal harder, its developer made it inject itself into every Windows process currently running on the system, so an attempt to delete it with the normal delete function fails with an error message saying the file is in use by a process. The Trojan also tampers with the Windows security settings, gaining permission to run as a separate process.

While that process runs, the Trojan acts as a keylogger (learn more about keyloggers here), i.e. it records every keystroke typed on the system. The keystrokes are saved to a file that can be sent to a particular server by connecting through a port on the computer. It mainly targets Internet Explorer, changing several settings through registry modification; once those changes are in place, it can connect to the remote server and send the saved key logs.

The Trojan's code is packed and encrypted so that it is not easily detected when it first enters the target's computer. Remove it as early as possible, since an update to its code could give it complete access to all the files saved on your computer. Follow the instructions given below to delete this virus.

Manual instructions to delete jdsfjsdijf.exe:

  1. Begin with rebooting the system in Safe Mode. When in Safe Mode, the Trojan would not be able to launch its own process. Click here if you're having trouble booting in Safe Mode.
  2. Now there is a possibility of the Trojan still running as an embedded process of other Windows processes. So deleting the Trojan directly from its folder might not actually help. Go to Start --> Run and type regedit to open the Registry editor. Navigate to the following locations and change the values. This procedure is quite long and is optional for people who don't use Internet Explorer.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    Here, make sure the entries are the same as shown below. If not, change them.
    • "EnableHttp1_1"=%user defined settings%
    • "ProxyHttp1.1"=%user defined settings%
    • "WarnOnPost"=%user defined settings%
    • "WarnOnPostRedirect"=%user defined settings%
    • "WarnOnIntranet"=%user defined settings%
    • "MigrateProxy"=%user defined settings%
    • "ProxyEnable"=%user defined settings%
    • "ProxyServer"=%user defined settings%
    • "ProxyOverride"=%user defined settings%
    • "AutoConfigURL"=%user defined settings%

    Now go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Zones\0
    Change the registry values to the ones shown below:
    • "1409"=dword:0
    • "1609"=dword:1
    • "1406"=dword:0
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Zones\1
    Change the registry values to the ones shown below:
    • "1409"=dword:0
    • "1609"=dword:1
    • "1406"=dword:1
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Zones\2
    Change the registry values to the ones shown below:
    • "1409"=dword:0
    • "1609"=dword:1
    • "1406"=dword:0
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Zones\3
    Change the registry values to the ones shown below:
    • "1409"=dword:0
    • "1609"=dword:1
    • "1406"=dword:3
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Zones\4
    Change the registry values to the ones shown below:
    • "1409"=dword:0
    • "1609"=dword:1
    • "1406"=dword:3
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Lockdown_Zones\1
    Change the registry values to the ones shown below:
    • "1406"=dword:1
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Lockdown_Zones\2
    Change the values to the ones shown below:
    • "1406"=dword:0
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Lockdown_Zones\3
    Change the values to the ones shown below:
    • "1406"=dword:3
    Go to the location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    Lockdown_Zones\4
    Change the values to the ones shown below:
    • "1406"=dword:3
    Go to the location
    HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\
    Internet Settings
    Change the values to the ones shown below:
    • "ProxyEnable"=dword:0
  3. Now that the Internet Explorer settings have been restored, it's time to remove the Trojan from the registry completely. Go to the following location
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    Delete the key containing the value
    • "jdsfjsdijf.exe"="C:\\jdsfjsdijf.exe\\jdsfjsdijf.exe"
    As mentioned earlier, the Trojan might inject itself into other Windows processes. So we'll have to search for the Trojan in the Registry. To do so, press Ctrl + F and type the word jdsfjsdijf.exe in the Find box. Whenever a key is found, remove only the value C:\jdsfjsdijf.exe\jdsfjsdijf.exe from each key and save it back. Repeat this until you get zero results. Restart your computer again in Safe Mode after you're done.
  4. Now the deletion process gets simple. Open the Command Prompt by typing cmd in the Run box. After the Command Prompt opens, type cd\ to go to the root of the C: drive. When you're there, type attrib -r -a -s -h jdsfjsdijf.exe to remove the attributes. After that, type del jdsfjsdijf.exe to delete the Trojan. If you get an error message, try using rmdir [tab_button] to delete the complete directory. Learn more about using the Command Prompt here.
  5. Sit back and relax. Your computer is safe from the Trojan.
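Before and after working through steps 2 to 4, a read-only audit saves checking every key by hand. The script below is an added example, not part of the original post: it compares the Internet Settings zone values and the HKCC ProxyEnable value against exactly the numbers listed in step 2, looks for the Run entry from step 3 and the hidden C:\jdsfjsdijf.exe folder from step 4, and only reports; it changes nothing. It assumes PowerShell on the affected user's account.

```powershell
# Added audit script (not from the original post). Read-only: reports deviations
# from the values in step 2, the persistence entry in step 3 and the folder in
# step 4. Nothing is modified.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$hkcc = 'Registry::HKEY_CURRENT_CONFIG\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Expected values, taken verbatim from step 2 of the post.
$expected = @{
    "$base\Zones\0"          = @{ '1409' = 0; '1609' = 1; '1406' = 0 }
    "$base\Zones\1"          = @{ '1409' = 0; '1609' = 1; '1406' = 1 }
    "$base\Zones\2"          = @{ '1409' = 0; '1609' = 1; '1406' = 0 }
    "$base\Zones\3"          = @{ '1409' = 0; '1609' = 1; '1406' = 3 }
    "$base\Zones\4"          = @{ '1409' = 0; '1609' = 1; '1406' = 3 }
    "$base\Lockdown_Zones\1" = @{ '1406' = 1 }
    "$base\Lockdown_Zones\2" = @{ '1406' = 0 }
    "$base\Lockdown_Zones\3" = @{ '1406' = 3 }
    "$base\Lockdown_Zones\4" = @{ '1406' = 3 }
    $hkcc                    = @{ 'ProxyEnable' = 0 }
}

$findings = @()
foreach ($key in $expected.Keys) {
    foreach ($name in $expected[$key].Keys) {
        $want = $expected[$key][$name]
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $findings += "[missing]  $key\$name (expected $want)"
        } elseif ($item.$name -ne $want) {
            $findings += "[mismatch] $key\$name = $($item.$name), expected $want"
        }
    }
}

# Step 3: the Run entry the post tells you to delete.
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runProps = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
if ($runProps -and $runProps.PSObject.Properties['jdsfjsdijf.exe']) {
    $findings += "[persistence] $run\jdsfjsdijf.exe = $($runProps.'jdsfjsdijf.exe')"
}

# Step 4: the hidden folder in the drive root (-Force so hidden/system items show).
$dir = Get-Item -LiteralPath 'C:\jdsfjsdijf.exe' -Force -ErrorAction SilentlyContinue
if ($dir) {
    $findings += "[artifact] C:\jdsfjsdijf.exe present, attributes: $($dir.Attributes)"
}

if ($findings.Count -eq 0) { 'No deviations found.' } else { $findings }
```

Run it once before step 2 to see what the Trojan changed, and again after step 4; an empty report means the values match the post and the folder and Run entry are gone.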

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry, Enable Hidden files and folders option and Enabling the Command Prompt.