Are you troubled by Win64/Agent.BA virus? Don’t know why this virus can sneak into your computer even if you have antivirus program installed? Users should understand this is a tricky virus that can escape from security tools and must be removed manually.
Win64/Agent.BA is categorized as a Trojan virus that can cause a lot of malicious activities and problems for your computer, which will cause huge security danger. It can compromise your computer by exploiting system security leaks. After successful installation, your antivirus program such ESET Nod32 antivirus 4 will show warning messages again and again. However, the virus is malicious and it even disables the security protocols of ESET since it will say the antivirus is non-functioning every time when you try to remove it.
This Trojan will drop lots of malicious files under Windows system folder to occupy system resource, slowing down your computer and making it unstable. Like other Trojans, it includes backdoor capabilities that can open network ports to download and install additional malware threats onto the infected computer. What makes people crazy is this pesky virus is able to allow attackers to gain remote access and control over the compromised computers. Thus, your personal information such as credit card information, login password will be exposed. All in all, it is a must for users to get rid of this malware once upon detection.
1. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
2. Open Registry entries. Find out the malicious files and entries and then delete all.
Attention: Always be sure to back up your PC before making any changes.
a. Press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.
b. All malicious files and registry entries that should be deleted:
%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AllUsersProfile%\Application Data\.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon\”Shell” = “random”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM].exe”
If you failed to remove this Trojan with the instructions above or need any assistant, you are welcome to contact YooCare experts to resolve all the problems completely.
Published by on July 27, 2012 7:49 am, last updated on July 27, 2012 7:49 am
Leave a Reply
You must be logged in to post a comment.