My computer got a nasty Trojan named Win32/IRCBot.NHR yesterday. I did a scan on my computer with my security tool but it cannot get rid of this Trojan virus. Now the computer runs extremely slow and numerous ads pop up when I surf the internet. I am so worried about my computer as it may be ruined by this virus. I want to see if there is anything other way to deal with this hateful Trojan once and for all. I would appreciate any advice you can offer!
Win32/IRCBot.NHR is categorized as a malicious Trojan horse which has the ability to intrude into the target computer and invoke various harmful traits. Once the invasion of your computer is accomplished, the Trojan virus will mess up your computer rapidly. For instance, it can change various other settings to corrupt the system and you will get tons of annoying ads constantly when you go online. If you click those ads carelessly, it would point you to some commercial websites which promote online sales by displaying malicious pop-up ads to gain revenue for each click. Furthermore, it has the ability to open a back door for remote cyber criminal access the infected computer to steal the files and other important things that you have stored on your computer. As a matter of fact, it is dispersed onto your computer easily if you visit fishing web sites and download free program or fake anti-spyware program using infected media and etc.
Once Win32/IRCBot.NHR gets installed successfully, the Trojan would make full use of the loophole of the system to bring other infections like spyware and malware to your computer to make the system become very vulnerable. It would often consume your system space by dropping many redundant files to the system. As a result, the computer may even get stuck and even encounter system crash as all the CPU resources have been eaten up greatly. This Trojan virus can stay tough in the infected computer and it is capable to start itself automatically whenever the computer system starts up. Once entered, it is capable to spy on your computer and keep track of your computer resource to collect your confidential information like passwords, credit card, bank account information etc for misuse. Thus you should take steps to get rid of this Trojan immediately if you want to make your computer clean and safe.
Win32/IRCBot.NHR allows cyber-criminals to break into the infected computer without being noticed and it could disable executable programs installed on your computer and cause system crash. Also it will change important settings on your computer to allow remote control from cyber criminals. Other than that, it will modify your registry settings and important key value to make it difficult to be removed.
Manual removal is suggested here if the antivirus program in your computer can’t deal with it. The most guaranteed way to get rid of the trojan without reinstalling the system or formatting the hard disk is manual removal. Here are some basic steps to achieve this point. However, removing the virus manually requires high skills in order to determine which files to delete for the Trojan infection is changing with the passage of time. You are also suggested to do a backup before starting.
1. End Relevant Processes
(1). Press Ctrl+Shift+Esc together to pop up Windows Task Manager, click Processes tab
*For Win 8 Users:
Click More details when you see the Task Manager box
And then click Details tab
(2). Find out and end the processes of Win32/IRCBot.NHR
2. Show Hidden Files
(1). Click on Start button and then on Control Panel
(2). Click on Appearance and Personalization
(3). Click on Folder Options
(4). Click on the View tab in the Folder Options window
(5). Choose Show hidden files, folders, and drives under the Hidden files and folders category
(6). Click OK at the bottom of the Folder Options window
*For Win 8 Users:
Press Win+E together to open Computer window, click View and then click Options
Click View tab in the Folder Options window, choose Show hidden files, folders, and drives under the Hidden files and folders category
3. Delete Relevant Registry Entries and Files
(1). Delete the registry entries of Win32/IRCBot.NHR through Registry Editor
Press Win+R to bring up the Run window, type “regedit” and click “OK”
While the Registry Editor is open, search and delete the related registry entries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM CHARACTERS].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Random’
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Random
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” =Random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Random.exe
(2). Find out and remove the associated files
%AllUsersProfile%\random.exe
%AppData%\Roaming\Microsoft\Windows\Templates\random.exe
%Temp%\random.exe
%AllUsersProfile%\Application Data\random
%AllUsersProfile%\Application Data\~random
%AllUsersProfile%\Application Data\.dll HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Random “.exe”
Win32/IRCBot.NHR can expose your computer to kinds of threats by making use of the network vulnerabilities. For example, it will cause many unexpected problems including freezing up, file missing, executable programs disabled and etc. This Trojan is able to redirect your search result to some suspicious websites. This is why you may find that your default homepage and browser settings are just changed randomly. In fact it is created for allowing remote access to the infected computer by cyber criminals to collect privacy information for commercial use. And it is disguised from the most anti-virus programs to bypass the detection and removal. Thus, we strongly recommend you to eliminate the Trojan manually to prevent the computer system from any further damage.
The above manual removal is quiet complicated, which needs sufficient professional skills to process. Therefore, only computer users with sufficient computer skills are recommended to implement the process because any errors including deleting important system files and registry entries will crash your computer system. If you have no idea of how to process the manual removal, please contact experts from YooCare Online Tech Support for further assistance.
Published by & last updated on December 8, 2014 12:15 pm
Leave a Reply
You must be logged in to post a comment.