
Win32 Virus - How to Remove Win32 Virus Trojan Proxy

Updated on March 24, 2011

How to Remove Win32 Virus - Trojan Proxy

The Trojan-Proxy.Win32 virus is a worm affecting computers running Microsoft Windows.

These Trojans function as a proxy server and provide anonymous access to the Internet from victim machines.

Today these Trojans are very popular with spammers who always need additional machines for mass mailings.

Virus coders will often include Trojan-proxies in Trojan packs and sell networks of infected machines to spammers.

You may not even know your computer has been infected. Hundreds of computers get infected daily. Simply visiting certain malicious sites can cause your computer to be infected. To find out, you can try using an antivirus scanner and virus removal software.

Trojans are breaching your computer security and should be removed. The Trojan-Proxy.Win32 Trojan can be removed from your system if it has been infected!


What Exactly is the Win32 Trojan Proxy Virus

This Trojan program makes it possible for a remote malicious user to use the machine as a proxy-server.

A proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. So in simple terms, the Trojan-Proxy virus uses your computer as a host to sell to spammers. Ever wondered where all your internet bandwidth has gone?

The Trojan itself is a Windows PE EXE file written in Visual C++ and packed using UPX. The file can be between 39 KB and 53 KB in size.

An example of a Trojan horse would be a program you downloaded thinking it was something simple, such as a screensaver named "exotic-cars.scr" that appears to be a car desktop screensaver. When you install it, it instead unloads hidden programs, scripts, or any number of commands, and runs them in the background whether or not you know it is doing so.

Trojan horse programs can often be used to bypass the security protection you have on your system, which leaves your system without any protection and gives the hacker full access to your machine.


What Does the Trojan-Proxy.Win32 Virus Do?

The Trojan creates a unique identifier, "Windows-Update-Service" to flag its presence in the system.

Once launched, the Trojan listens on a random TCP port to realize the proxy-server function. The number of the port chosen is randomly generated, and will be in the range 1025 - 5024. If it is not possible to listen on this port, a new attempt will be made, with the port number being regenerated.

The worm then establishes a connection to cb.im***itethinking.biz. If this is unsuccessful, the attempt will be repeated at 15-minute intervals.

If the connection is successful, the number of the port which the Trojan is listening on will be encoded and transmitted to port 3878 on the server in encrypted form.

Once the remote malicious user receives this data, s/he will be able to use the victim machine as a proxy-server.
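The two network behaviours described above (a listener on TCP 1025 - 5024 and a connection to remote port 3878) can be checked together in saved `netstat -ano` output. The following is an added example, not part of the original article; the sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1712
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       1040
  TCP    192.168.1.20:1188      203.0.113.7:3878       ESTABLISHED     1712
  TCP    192.168.1.20:1201      198.51.100.9:80        ESTABLISHED     2204
  UDP    0.0.0.0:500            *:*                                    700
"""

PROXY_PORTS = range(1025, 5025)  # listening range stated in the article: 1025 - 5024
CALLBACK_PORT = 3878             # server port the port number is sent to, per the article

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")


def parse_tcp(netstat_text):
    """Yield (local_port, remote_addr, remote_port, state, pid) for each TCP row."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, raddr, rport, state, pid = m.groups()
            yield int(lport), raddr, int(rport), state, int(pid)


def find_proxy_suspects(netstat_text):
    """Return {pid: {"listen": [...], "callback": [...]}} for PIDs showing both behaviours."""
    listeners, callbacks = {}, {}
    for lport, raddr, rport, state, pid in parse_tcp(netstat_text):
        if state == "LISTENING" and lport in PROXY_PORTS:
            listeners.setdefault(pid, []).append(lport)
        elif rport == CALLBACK_PORT and state in ("ESTABLISHED", "SYN_SENT"):
            callbacks.setdefault(pid, []).append(f"{raddr}:{rport}")
    # Legitimate Windows services also listen in this range, so a listener alone
    # is weak evidence; report only PIDs that also talk to the callback port.
    return {pid: {"listen": sorted(listeners[pid]), "callback": callbacks[pid]}
            for pid in listeners.keys() & callbacks.keys()}


if __name__ == "__main__":
    for pid, hit in find_proxy_suspects(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: listening on {hit['listen']}, callback to {hit['callback']}")
```

A single snapshot can miss the connection to port 3878, so collect several before treating a clean result as final; a reported PID can then be matched to a process name in Task Manager for the removal steps.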

Manually Remove the Trojan-Proxy.Win32 Virus and Removing it from the Registry

Removing a virus using the manual method.

Removing a virus can be done manually; however, you will need to understand how to edit the system registry and be able to troubleshoot various problems with your computer system. Viruses are persistent, and removing one can take a considerable amount of time and knowledge of how an operating system works. You will also need to know how to edit the registry to delete the virus and stop it from reinstalling each time you connect to the internet.

Removal Instructions

1. Determine the name of the Trojan program by using regedit or another utility to edit the system registry. View the "Services" parameter in the [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] key; this parameter gives the full path to the malicious program.

2. Use Task Manager to terminate the process with the Trojan name.

3. Delete the original Trojan file.

4. Delete the following value from the system registry key:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

"Services"=""

Warning

Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system.

It cannot be guaranteed that problems resulting from the incorrect use of Registry Editor can be solved. You edit the registry at your own risk.

Still Having Problems Manually Removing the Win32 Virus

If you couldn't remove it for some reason, try using anti-virus software.

Win32 worms generally are set to run automatically when you start your computer or even register themselves to be run when any other application is started. Unfortunately, you can't just delete the worm file or your computer system might not be able to start your applications (such as Explorer) any more.

In order to effectively remove the worm from your computer system, it is often necessary to make additional changes to your system registry. Editing the system registry isn't easy. It can be done but can be difficult for those who aren't computer technicians.

There is an easier way to remove the Win32 worm which is a fully automatic, EASY and INTELLIGENT solution.

Try the multi-award-winning antivirus and spyware remover, which is designed to remove Win32 Trojans effectively. You can also eliminate any other viruses and malware from your system more EASILY than with the manual methods.

Win32 Virus Removal Software : Free Download

If you can't remove the Win32 virus manually, then you need to use software that can.

The best antivirus and antispyware software

The best way to get complete protection from the most dangerous threats on the Internet (spyware, viruses, data theft and hackers) is a single, easy-to-use solution such as Anti-Virus Plus software.

AntiVirus provides real protection against security threats such as viruses, spyware, adware, worms, Trojans, key loggers, and rootkits.

In addition, AntiVirus monitors all traffic to and from your computer, so you'll always know what's happening and whether your computer is being attacked. You'll easily be able to block hackers' attempts to access your computer and your personal information on the internet.

Removing Zeus Trojan :: Zeus Zbot Trojan :: Latest Threat

One of the latest trojans spreading via social networks is the Zeus Zbot Trojan.

This particular type of malware tries to collect financial details from people - think bank account numbers and passwords, credit cards info, and so on - and so has the potential to cause quite a bit more damage than some viruses. An individual might lose his savings, not just have his computer slow down or die.

The Zeus trojan is a bit aggressive in that it spreads through social networks like Facebook, too, and not just through sites and email attachments. Zbot uses a wide variety of social engineering tricks to spread through a variety of methods, including spam email and web downloads. It created a large botnet that collects information about victims' credit card, banking and social network logins.

Common Known Win32 Worms

A list of currently known Win32 Viruses

Win32:Badtrans [Wrm]

Win32:Beagle [Wrm] (aka Bagle), variants A-Z, AA-AH

Win32:Blaster [Wrm] (aka Lovsan), variants A-I

Win32:BugBear [Wrm], including B-I variants

Win32:Ganda [Wrm]

Win32:Klez [Wrm], all variants (including variants of Win32:Elkern)

Win32:MiMail [Wrm], variants A, C, E, I-N, Q, S-V

Win32:Mydoom [Wrm] (variants A, B, D, F-N - including the trojan horse)

Win32:Nachi [Wrm] (aka Welchia, variants A-L)

Win32:NetSky [Wrm] (aka Moodown, variants A-Z, AA-AD)

Win32:Nimda [Wrm]

Win32:Opas [Wrm] (aka Opasoft, Opaserv)

Win32:Parite (aka Pinfi), variants A-C

Win32:Sasser [Wrm] (variants A-G)

Win32:Scold [Wrm]

Win32:Sinowal [Trj] - variants AA, AB

Win32:Sircam [Wrm]

Win32:Sober [Wrm], variants A-I, J-K

Win32:Sobig [Wrm], including variants B-F

Win32:Swen [Wrm], including UPX-packed variants

Win32:Tenga

Win32:Yaha [Wrm] (aka Lentin), all variants

Win32:Zafi [Wrm] (variants A-D)

* Backdoors

* General Trojans

* PSW Trojans

* Trojan Clickers

* Trojan Downloaders

* Trojan Droppers

* Trojan Proxies

* Trojan Spies

* Trojan Notifiers

* ArcBombs

* Rootkits

Need More Help with Removing a Virus or Spyware? - Share your experience.


    • anonymous 5 years ago

      not happy

    • anonymous 5 years ago

      i never hear the lies in but today tear are in my eyes

    • anonymous 6 years ago

      This link does not work? Win32 Virus Removal Tool

    • anonymous 6 years ago

      I have tried to remove this win32/winmaximizer

      this thing is really killing my computer, out of work trying to find work, keeps freezing up on me while trying to post applications.

    • anonymous 6 years ago

      going to get external hard drive and put all important photos and files on it - put win 7 on it and then reinstall my original program files and NEVER GO ONLINE WITH IT!!!
