•  Avira: TR/Agent.81920.EA
   •  Sophos: W32/Palevo-AI
   •  Bitdefender: Backdoor.Tofsee.DI
   •  Panda: W32/P2Pworm.OJ
   •  Eset: Win32/Peerfrag.FD

Surprising to see that it was updated by so many anti-viruses in such a short time. It can run on all possible operating systems of Windows except the Windows 7 due to the change in the location of its system files.The Trojan was only seen in the month of November when it started taking over several peer to peer networks. The process of propagation of this virus is quite fascinating. It tries to enter the target computer through a network which is connected in P2P for data transmission. The other methods of propagation of this virus is the most commonly used USB drives. Yes, the virus adds an autorun along with an exe file containing the malicious code. When the autorun is opened in a clean computer, the code is automatically executed. Another way of propagation used by this virus is through the messenger. It uses the Windows Messenger to enter the target's system. When the messenger is opened from an infected system, the Trojan automatically sends a message pointing to a specific address. When this address is clicked, the malicious file is downloaded into the target's computer and then executed. Once executed, the virus copies itself to the system with different names. Several registry modifications are made by the virus so as to make it run alongside Winlogon.exe which is a very crucial Windows process. It may also launch its own process that connects to a particular server and downloads malware from it. A copy of the Trojan is made in every directory of the computer. Once a removable disk is detected, the virus adds another copy of it to the new drive. It may also inject into processes like explorer.exe or iexplore.exe. It may also create a mutex with a random name. It is capable of downloading several malicious files to the target's system and hence must be deleted as early as possible. Follow the instructions given below to remove this Trojan.

Manual instructions to remove syscr.exe/autorun.exe:

  1. Reboot the system in the Safe Mode to avoid the launch of its process. If you have trouble opening your system in the Safe Mode, click here.
  2. You'll have to use the Command Prompt to delete the files created by the Trojan since they'll be hidden. To do this, follow the instructions given below:

    • Go to Start --> Run and type cmd
    • The virus is most probably present in the Recycler folder of every directory. In the Command Prompt, type cd\ to go to the drive.
    • Type cd recycler to go to the Recycler directory.
    • dir /w/a allows you to view the files in the folder.
    • Type attrib -r -a -s -h to remove any attributes assigned to the files in the folder.
    • Finally, type del *.* to remove all the files in the folder. Most of the viruses place a copy of themselves in this folder and hence, deleting all the contents of the directory would be a safer move. However, if you identify any files that can be of your use, you can delete only the specific files by typing del file_name.extension.
    • Make sure you delete the files in the same manner from all the drives of your computer. Type drive_name: followed by return to go from one drive to the other.
  3. The above instructions can only help you in deleting the files created by the virus. You still need to remove the associations from the registry to avoid errors during the startup. To do this, type regedit in the Run box and navigate to the following locations:
  4. [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Delete the entry that goes by the name • "Taskman"="%recycle bin%\%CLSID%\syscr.exe"
  5. Also find for the words svscr.exe and autorun.exe using ctrl+F and remove the path from all the obtained results. This would undo all the changes done to your computer by the virus.
  6. Now restart your system. That's it, you won't be having any more trouble from this Trojan because you've successfully deleted it.

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry , Enable Hidden files and folders option and Enabling the Command Prompt.
Get the best security software for your compter here!

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme