SpywareGuide powered by Actiance Security Labs
Full Name: Surila.aw Websearch
Type: Trojan
Also Known as: Troj/Surila-I (SOPHOS)
SG Index: 8
Removal tools: List of products that detect/remove/protect against Surila.aw:
  • IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway
Category Description: Trojans are malicious applications that pose as legitimate software to trick users into installing them. Once on the victim's machine, a trojan may run any number of malicious processes to steal vital information or damage other software.
Official Description: Surila.aw is a backdoor trojan.
Comment: Adds itself to the Windows Firewall authorized applications list. This trojan also sends spam mail from the infected computer.

    Manual removal: After scanning with X-Cleaner, follow the steps below to correct the altered registry keys:

    1. Click the Start menu and select Run.

    2. Type "regedit" and press Enter.

    3. Navigate to each of the following keys and, in the right pane, delete the value (by right-clicking it):
    "WINRUN" = "msupdate.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    HKEY_CURRENT_USER\Software\Microsoft\OLE
    HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa

    4. Navigate to each of the following keys and, in the right pane, delete the value:
    "C:\WINDOWS\csrss.exe" = "C:\WINDOWS\csrss.exe:*:Enabled:csrss.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

    5. Close Registry Editor.

    6. Restart your computer.
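
The registry cleanup in steps 3 and 4, as an added PowerShell example (not part of the original SpywareGuide entry): it reports which of the listed values are present and deletes them only when run with the `-Remove` switch from an elevated prompt. The value names, data and key paths are copied from the steps above; the script layout and the `-Remove` switch name are assumptions of this example.

```powershell
# Added example: audit, and optionally remove, the registry values listed in steps 3 and 4.
param([switch]$Remove)   # hypothetical switch; without it the script only reports

$targets = @(
    @{ Name = 'WINRUN'; Data = 'msupdate.exe'; Keys = @(
        'HKLM:\SOFTWARE\Microsoft\OLE',
        'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa',
        'HKCU:\Software\Microsoft\OLE',
        'HKCU:\System\CurrentControlSet\Control\Lsa') },
    @{ Name = 'C:\WINDOWS\csrss.exe'; Data = 'C:\WINDOWS\csrss.exe:*:Enabled:csrss.exe'; Keys = @(
        'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List',
        'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List',
        'HKLM:\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List',
        'HKLM:\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List') }
)

$findings = foreach ($t in $targets) {
    foreach ($path in $t.Keys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }                  # key absent, e.g. no ControlSet002
        # Use the .NET RegistryKey API so the value name is taken literally
        # (the firewall value name contains backslashes and a colon).
        $data = $key.GetValue($t.Name, $null)
        if ($null -eq $data) { continue }            # value not present under this key
        $match = ([string]$data -eq $t.Data)         # -eq is case-insensitive for strings
        $removed = $false
        if ($Remove -and $match) {
            $rw = $key.OpenSubKey('', $true)         # reopen the same key writable
            $rw.DeleteValue($t.Name)
            $rw.Close()
            $removed = $true
        }
        [pscustomobject]@{
            Key = $path; Value = $t.Name; Data = $data
            MatchesEntry = $match; Removed = $removed
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'None of the listed values are present.' }
```

A value whose name matches but whose data differs from the entry is reported with `MatchesEntry = False` and left in place for manual review.
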
    Properties:
  •  Allows remote connect
  •  Sends mail
    © Copyright 2003-2023, Actiance, Inc. All rights reserved.   Privacy Policy