syscron.exe Removal (Trojan)

Trend Micro: TROJ_CARBERP.A

This is another Trojan that usually enters the computer when the user visits malicious sites. It may also be downloaded by other viruses that connect to a particular server. Though it doesn't cause much damage to the target system, it is still considered dangerous because it might download other viruses to the computer. Due to several changes in the file system allocation in Windows platforms like Windows 7 and Vista, there is a lesser possibility of this virus affecting them. However, the malware can be upgraded to perform several activities that may completely crash the system.

As far as the payload is concerned, the Trojan was seen tampering with the security of the operating system. It was also seen connecting to a particular server and opening one of the ports on the computer. It downloads other malicious programs from this server and executes them. It modifies registry entries so that it is executed at every startup. It injects its malicious code into other commonly launched Windows processes such as explorer.exe, from which it continues executing its code as a thread of that process. It also registers a DLL which monitors the activities performed on the Internet by the user. This Trojan must be removed to avoid putting your system at further risk. Follow the instructions given below to do so.

Manual instructions to delete syscron.exe:

  1. Reboot your system in Safe Mode. Doing so allows only specific Windows processes to launch during startup. Click here if you're having trouble booting in Safe Mode.
  2. It's time to delete the files associated with this Trojan. To do so, go to Start --> Run and type %temp%. This will take you to the temporary folder. Since the Trojan saves the malicious file under a name made of random characters, it's hard to tell which name the infectious file may have. However, the files in this folder are mostly useless. Select all of them and delete them (including the hidden files). This will get rid of the temporary file created by the virus. Another bit of its malicious code is present in a file located in the %user profile% folder. The location of the folder on most computers is probably C:\Documents and Settings\Username\ (where Username indicates the name of the Administrator). Delete the file with the name usernt.dat. You're not done yet. Go to Run and type "%Username%\Start Menu\Programs\Startup" (again, Username must be replaced with the name of the Administrator) to open the Startup folder. Delete the file syscron.exe, which is probably hidden in most cases.
  3. Only a couple more instructions and you'll get your computer back to normal. Go to Start --> Run and type regedit. This opens the Registry Editor, which we'll use to undo all the changes the Trojan made to your computer. Press Ctrl + F to open the Find dialog. Since we do not know how many processes the Trojan has injected itself into, we'll have to search the registry for its name. Type syscron.exe and select the Find option. When the Trojan is found, open the particular registry entry and just remove the path of the Trojan. Don't delete the complete entry.
  4. The Trojan might have added a DLL file to the running processes. This can be undone by unregistering NTDLL.DLL. Find out more about unregistering a DLL from here.
  5. That was a lot of work!! Sit back and relax. The Trojan is finally removed. Don't forget to restart your system for the changes to take effect.
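
The file and registry checks from steps 2 and 3 can be run read-only before anything is deleted. The PowerShell below is an added example, not part of the original post. The list of autostart registry keys and the use of the current user's Startup folder are assumptions, since the post only says to search the registry for the file name.

```powershell
# Added example: read-only audit for the artifacts named in the steps above.
# Nothing is deleted or modified; review every hit before acting on it.
$needle = 'syscron.exe'

# 1. Files the post names. The Startup folder is resolved through the shell
#    API (assumption: current user) because its path differs between
#    Windows versions.
$files = @(
    (Join-Path $env:USERPROFILE 'usernt.dat'),
    (Join-Path ([Environment]::GetFolderPath('Startup')) $needle)
)
$fileHits = foreach ($path in $files) {
    # -Force is needed to see files that carry the Hidden attribute.
    Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

# 2. Common autostart keys (assumption: the post does not list any keys).
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Bookkeeping properties the registry provider adds to every result.
$skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$regHits = foreach ($key in $keys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($skip -contains $p.Name) { continue }
        # Substring match: the path may be appended to a legitimate value,
        # which is why step 3 says to remove only the path, not the entry.
        if ("$($p.Value)" -like "*$needle*") {
            New-Object PSObject -Property @{
                Key = $key; ValueName = $p.Name; Data = "$($p.Value)"
            }
        }
    }
}

if ($fileHits) { $fileHits | Format-List } else { 'No named files found.' }
if ($regHits)  { $regHits  | Format-List } else { "No autostart value references $needle." }
```

Reading the HKLM keys works without elevation; a hit under Winlogon shows the full value data so the legitimate part of the entry can be kept when the path is removed.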

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry, Enable Hidden files and folders option and Enabling the Command Prompt.