Home Blog

How to Remove Trojan.Betabot completely from the PC

Posted by in Blog Trojan
on February 26th, 2013 | Leave a comment

Trojan.Betabot is a malicious Trojan that can open various websites without users’ approval. The Trojan will install remote control desktop on the compromised computer, so that a hackers can send command to the Trojan and collect sensitive information from the computer. Users could not find out Trojan.Betabot infection if their antivirus program does not display warnings. The infection symptom is somehow similar to browser hijacker, since the Trojan will bring many web browser issues. The most annoying is malicious websites or windows pop up when user is about to click on a legitimate link. Users can get more threats to their pc if they click on malicious pop-up by accident. To sop all the problems, you need to remove Trojan.Betabot completely.

How to delete Trojan.Betabot manually
Though manual way is not the best way to get rid of the Trojan, it is still a possible way for users who have advanced pc knowledge and skills.
1. Press Ctrl+Alt+Del to run Task Manager. Click process tab and kill the malicious
2. Remove the copy of Trojan.Betabot
%ProgramFiles%\Common Files\[TROJAN FOLDER NAME].{2227A280-3AEA-1069-A2DE-08002B30309D}\[NINE RANDOM LOWER CASE CHARACTERS].exe
3. Run registry editor to wipe off related registry entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[TROJAN FOLDER NAME]” = “[PATH TO TROJAN EXECUTABLE]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[TROJAN FOLDER NAME]” = “[PATH TO TROJAN EXECUTABLE]”
HKEY_ALL_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Run\”[TROJAN FOLDER NAME]” = “[PATH TO TROJAN EXECUTABLE]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\”[TROJAN FOLDER NAME]” = “[PATH TO TROJAN EXECUTABLE]”
HKEY_ALL_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\”[TROJAN FOLDER NAME]” = “[PATH TO TROJAN EXECUTABLE]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[TROJAN FILE NAME]\”Time” = “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[TROJAN FILE NAME]\”DisableExceptionChainValidation” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\”Task Service ID” = “[RANDOM HEXADECIMAL CHARACTERS]”
HKEY_ALL_USERS\.default\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\”Task Service ID” = “[RANDOM HEXADECIMAL CHARACTERS]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TaskManager\”Task Service ID” = “[RANDOM HEXADECIMAL CHARACTERS]”
HKEY_CURRENT_USER\Software\Win7zip\”Uuid” = “[RANDOM HEXADECIMAL CHARACTERS]”
HKEY_ALL_USERS\.default\Software\Win7zip\”Uuid” = “[RANDOM HEXADECIMAL CHARACTERS]”
HKEY_LOCAL_MACHINE\SOFTWARE\Win7zip\”Uuid” = “[RANDOM HEXADECIMAL CHARACTERS]”
HKEY_ALL_USERS\.default\Software\Classes\CLSID\[RANDOM GUID]\[EIGHT HEXADECIMAL CHARACTERS]\CW1\”[THREE OR FOUR DIGITS]” = “[HEXADECIMAL CHARACTERS]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\”2500″ = “3″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\”2500″ = “3″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”2500″ = “3″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”2500″ = “3″
HKEY_ALL_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\”2500″ = “3″
HKEY_ALL_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\”2500″ = “3″
HKEY_ALL_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”2500″ = “3″
HKEY_ALL_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”2500″ = “3″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SSDPSRV\”Start” = “2″
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\”EnableJavaUpdate” = “0″

A professional Trojan.Betabot removal program
Software can replace users to complete the removal job and avoid potential damages on the system. A virus removal program is designed to help users remove various pc threats including virus like Trojan.Betabot, Trojan, worm, spyware, malware, adware and so on and also protect the computer from attacks. As long as your computer is connected to internet, it is very necessary to equip the pc with a professional virus removal program. I guess you must have one.

A virus removal program that fails to stop Trojan.Betabot attack probably fails to remove it. So we recommend you an advanced virus removal program that can help you get rid of the virus instantly after a scan. It is called Spyware Cease, which a popular choice among pc technician. We think it is the best tool to remove Trojan.Betabot quickly.

Comments are closed.