Spyware Removal

Remove Satiloler.d


What is Satiloler.d and removal instructions

Satiloler.d is a trojan designed to steal sensitive user information. Once executed, the parasite silently installs itself on the system, overwrites essential system files with its own copies, disables essential Windows tools and components, and terminates some running antivirus programs, firewalls, browsers and system utilities. Satiloler.d runs an integrated keylogger, which records various login names, passwords and e-mail profile details. It also tracks the user's Internet activity and logs all the data the user enters on banking web sites. The trojan transfers the gathered data to a predetermined web server. Satiloler.d can work as a hidden proxy server. The parasite is able to bypass the Windows Firewall, update itself via the Internet and block access to certain web sites. It automatically runs on every Windows startup.

Satiloler.d manual removal:

Kill processes:
ctfmon.exe, lsass.exe, userinit.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%System%\userinit.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\System\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable=FFFFFF9D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKEY_LOCAL_MACHINE\SOFTWARE\tvr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\gold
Delete files:
ctfmon.exe, lsass.exe, userinit.exe, divx5.dll, sfc.dll, sfc_os.dll, cmd.txt, hst.txt, h323.txt
Misc:
The h323.txt file contains the stolen sensitive user information.

Exact file location:
ctfmon.exe - C:\Windows\System or C:\Winnt\System
lsass.exe - C:\Program Files\Common Files\System
userinit.exe, divx5.dll, sfc.dll, sfc_os.dll, cmd.txt, hst.txt, h323.txt - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
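
The process and file names above are also the names of genuine Windows components, so a name alone does not identify the trojan's copies. The following added example (not part of the original page) triages a list of full paths, such as a process or file listing, against the locations given above; the function names, the "verify" category and the sample paths are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

# File name -> directories the page lists under "Exact file location".
SYS_DIRS = [r"C:\Windows\System", r"C:\Windows\System32", r"C:\Winnt\System32"]
PAGE_LOCATIONS = {
    "ctfmon.exe": [r"C:\Windows\System", r"C:\Winnt\System"],
    "lsass.exe": [r"C:\Program Files\Common Files\System"],
}
for _name in ("userinit.exe", "divx5.dll", "sfc.dll", "sfc_os.dll",
              "cmd.txt", "hst.txt", "h323.txt"):
    PAGE_LOCATIONS[_name] = SYS_DIRS

# Assumption (not from the page): Windows ships files with these names in
# System32, so a path match there cannot tell a genuine file from an
# overwritten one.
GENUINE_IN_SYSTEM32 = {"userinit.exe", "sfc.dll", "sfc_os.dll"}


def _norm(path):
    """Lower-case the path and unify separators so comparisons are exact."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(path):
    """Return 'listed', 'verify' or 'no-match' for one full Windows path."""
    directory, name = ntpath.split(_norm(path))
    listed_dirs = [_norm(d) for d in PAGE_LOCATIONS.get(name, [])]
    if directory not in listed_dirs:
        return "no-match"
    if name in GENUINE_IN_SYSTEM32 and directory.endswith("system32"):
        return "verify"  # check the file's signature or hash before deleting
    return "listed"


def triage(paths):
    """Map every path that matches the page's list to its verdict."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v != "no-match"}


# Constructed sample listing (not taken from a real system).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\Program Files\Common Files\System\lsass.exe",
    r"C:\Windows\System\ctfmon.exe",
    r"C:\Windows\System32\ctfmon.exe",
    r"C:\Windows\System32\userinit.exe",
    r"c:/windows/system32/h323.txt",
]
```

A "verify" verdict marks a path where the name and location match the list above but Windows also keeps a file of that name there, so the file should be checked against a known-good copy before it is removed.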

     
Copyright © SpywareDot 2004-2009| Spyware Removal.  All rights reserved.