Home Blog

Trojan.Tbot Removal – How to Remove Trojan.Tbot completely

Posted by in Blog backdoor trojan
on December 10th, 2012 | Leave a comment

Trojan.Tbot is a backdoor Trojan like Backdoor.Makadocs that allow the hackers to access the compromised computer randomly. The Trojan may install remote desktop control so that hackers can monitor or collect the system. The infected computer has lots of files and registry entries associated with the Trojan. Trojan.Tbot creates related registry entries to enable it to run at windows startup. When the Trojan executes, it may download additional pc threats to the computer or insert itself to a system files. Moreover, the Trojan is detected to collect information on the background and then send to its server. You may suffer poor pc performance, hijacked web browser, annoying pop-up and system crashes due to the infection. At the first time you notice Trojan.Tbot you should remove it completely.

How to remove Trojan.Tbot completely

There are two common ways to get rid of a Trojan. If you know or you can find out files and registry entries created by the Trojan, you can try to remove them manually. If you can not locate malicious items, you need a security program to complete the task.

Trojan.Tbot manual removal
1. End suspicious processes via task manager, such as svchost.exe
2. Delete following files

C:\Documents and Settings\Administrator\Application Data\[RANDOM NAME]\[RANDOM NAME].exe
C:\Documents and Settings\Administrator\Application Data\[RANDOM NAME]\[RANDOM NAME].tmp
C:\Documents and Settings\Administrator\Application Data\[RANDOM NAME]\[RANDOM NAME].upp
C:\Documents and Settings\Administrator\Application Data\tor\cached-certs
C:\Documents and Settings\Administrator\Application Data\tor\cached-consensus
C:\Documents and Settings\Administrator\Application Data\tor\cached-descriptors
C:\Documents and Settings\Administrator\Application Data\tor\cached-descriptors.new
C:\Documents and Settings\Administrator\Application Data\tor\hidden_service\hostname
C:\Documents and Settings\Administrator\Application Data\tor\hidden_service\private_key
C:\Documents and Settings\Administrator\Application Data\tor\lock
C:\Documents and Settings\Administrator\Application Data\tor\state
C:\Documents and Settings\Administrator\Local Settings\Temp\OpenCL.dll

3. Run registry editor and delete Trojan.Tbot registry entries

HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Run\{58918AFF-36B7-5CDE-6038-278B35A6192F}: “C:\Documents and Settings\Administrator\Application Data\[RANDOM NAME]\[RANDOM NAME].exe”

Trojan.Tbot removal programs
Removing so many files and registry entries manually takes a long time. Meanwhile, manual removal is uncertain and easily results in mistakes. To get rid of the Trojan safely, you should use a security program which can detect and remove viruses automatically. Using a security program is the most popular choice when users want to remove Trojan.Tbot. Do you know which program can help you out of the trouble immediately? We have a good recommendation. Spyware Cease is professional antispyware program good at removing latest Trojans like Trojan.Tbot.

Leave a Reply