Saturday, December 15, 2012

Trojan horse Agent3.CPCF - lssasr.exe Infection

Has AVG discovered Trojan horse Agent3.CPCF everywhere on your system? Does this vermin keep re-spawning even though you constantly ask to remove the object c:\Windows\System32\lssasr.exe? Have no clue how to get rid of Trojan horse Agent3.CPCF? This post and Tee Support online tech experts will walk you through the mess.

Agent3.CPCF Trojan Information

Trojan horse Agent3.CPCF is a Trojan infection that brings about multifaceted changes to the target Windows system. The real threat, however, lies in its invisible activities: it gathers valuable information and transfers it to remote hackers for further attacks on the computer, net-banking accounts and other log-in programs. It is therefore important to remove Trojan horse Agent3.CPCF completely as soon as you first detect it.

 A List of Trojan horse Agent3.CPCF Malicious Activities

  • Sneaks into the computer by exploiting security flaws without the user's knowledge.
  • Adds itself as a start-up entry once it completes the unauthorized installation.
  • Drops its harmful file and adds a new thread to a legitimate Windows process.
  • Establishes a surreptitious connection with a remote server to fetch other parts.
  • Downloads arbitrary files from a remote server and executes them.
  • Saves collected information as a log file and reports it to a remote server.
  • Disables certain security services and consumes substantial system resources.

Trojan horse Agent3.CPCF Possible Symptoms

  • Considerably slower system response with high CPU consumption.
  • Failure to run Windows Update and to open Registry Editor.
  • Unknown error messages at system start-up.
  • Web browser crashes easily with script errors.
  • Constant time-outs when trying to open web pages.
  • Blue screen of death and unexpected Windows restarts.

 

What Software Should I Use to Stop Agent3.CPCF Infection?

 

This Trojan agent variant uses tricky hiding tactics to evade detection and deletion. Because the infectious file, c:\Windows\System32\lssasr.exe, is a Windows critical process for user authorization and logging, antivirus won't easily remove such a legitimate file; otherwise a system file could go missing. To make things worse, the remote server also repairs and updates the Trojan to keep it up to date and intact, which is hard for antivirus to keep up with and adds to the removal difficulty. Since antivirus cannot provide a workable solution, it's time for us to find another way. Manually eliminating Trojan horse Agent3.CPCF is a practicable means, but please note that it should be carried out with expert guidance, since any improper deletion may cause irretrievable data loss.

Agent3.CPCF Manual Removal Guides

Step 1: Restart the infected computer into safe mode with networking by pressing and holding F8 before Windows launches.
Step 2: Search for and manually delete the files below:
%appdata%\npswf32.dll
%System%\regsvr.exe
%System%\svchost .exe
%System%\setting.ini
%System%\setup.ini
%appdata%\Inspector-{random}.exe
Step 4: In Registry Editor, navigate to and remove the associated registry entries below (you can open Registry Editor by typing regedit in the search box of the Start menu):
HKEY_LOCAL_MACHINE\Software\ TROJAN HORSE AGENT3.CPCF.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "random "
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\random
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
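
A read-only check for the files and policy values listed in Steps 2 and 4, as an added PowerShell example that is not part of the original post. It assumes %System% means the System32 directory, deletes nothing, and leaves the randomly named keys for manual review.

```powershell
# Added example: read-only audit of the artifacts listed in Steps 2 and 4.
# Assumption: %System% in the page's list means the System32 directory.
$system32 = Join-Path $env:SystemRoot 'System32'
$filePatterns = @(
    (Join-Path $env:APPDATA 'npswf32.dll'),
    (Join-Path $system32    'regsvr.exe'),
    (Join-Path $system32    'svchost .exe'),    # spelled as on the page, space included
    (Join-Path $system32    'setting.ini'),
    (Join-Path $system32    'setup.ini'),
    (Join-Path $env:APPDATA 'Inspector-*.exe')  # {random} suffix matched by wildcard
)
$findings = @(foreach ($pattern in $filePatterns) {
    Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'File'; Item = $_.FullName
                           Detail = 'modified {0:u}, {1} bytes' -f $_.LastWriteTimeUtc, $_.Length }
    }
})

# Policy values from Step 4. Expect = data the page lists; $null = report any data
# (the page's LowRiskFileTypes string is not compared literally).
$policies = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ Path = "HKCU:\$policies\System";       Name = 'DisableTaskMgr';      Expect = '1' },
    @{ Path = "HKLM:\$policies\System";       Name = 'DisableTaskMgr';      Expect = '1' },
    @{ Path = "HKCU:\$policies\Attachments";  Name = 'SaveZoneInformation'; Expect = '1' },
    @{ Path = "HKCU:\$policies\Associations"; Name = 'LowRiskFileTypes';    Expect = $null }
)
$findings += @(foreach ($c in $checks) {
    $props = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }          # key or value absent
    $data = $props.($c.Name)
    if ($null -eq $c.Expect -or "$data" -eq $c.Expect) {
        [pscustomobject]@{ Type = 'Policy'; Item = "$($c.Path)\$($c.Name)"; Detail = "= $data" }
    }
})

# The Run value has a random name, so list every entry for manual review.
$runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runKey  = Get-Item -Path $runPath -ErrorAction SilentlyContinue
if ($runKey) {
    $findings += @(foreach ($name in $runKey.GetValueNames()) {
        [pscustomobject]@{ Type = 'Run (review)'; Item = $name; Detail = $runKey.GetValue($name) }
    })
}
$findings | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session, because the HKCU checks read only the current user's hive.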

Note: If you are still confused by the above procedures, please click here to contact a 24/7 online expert for more details.
