Click on screenshot to zoom
Danger level 7
Type: Trojans

Other mutations known as:
Trojan.Chepdu.B , Trojan.Chepdu.L

Trojan.Chepdu

The first reports of Trojan.Chepdu came on 26 April 2011, and since then many users have reported infections by this seditious Trojan. This Trojan will edit startup entries to launch every time you boot up the system. It will remain in the background and perform all of its activities there, effectively making it very difficult to detect and remove Trojan.Chepdu from the system.

The ultimate goal of Trojan.Chepdu is to infiltrate its victim’s PC and relay stolen information to its originators. It also open firewalls and makes it that much easier for other types of malware to find their way onto your PC. Other symptoms associated with Trojan.Chepdu include slowed Internet connections and extremely poor system performance.

Once Trojan.Chepdu installs on the system the following files will be dropped in the system folder:

\ctfmon_mp.exe etected as TrojanDownloader:Win32/Troxen!rts
\dq20279.dll detected as Trojan:Win32/Chepdu.P

Trojan.Chepdu will contact its remote authors at luckby.cc using port 80. It will report the new infection, as well as receive configuration data from its author. It will upload stolen data such as financial information and usernames and passwords, and receive additional instructions from the hacker.

This Trojan gains entry to the system in a variety of ways, the most popular being through bundled software obtained from third party websites. Infected removable drives such as external hard drives and flash drives have also been known to carry this Trojan over to uninfected PCs. The user will be none the wiser once the Trojan.Chepdu infection roots itself in the system, as it performs all its illicit activities in the background. Known aliases of Trojan.Chepdu include Adware.CPush, Trojan.Wini32.Agent.cyrs and TROJ_BHO.XL.

The presence of the following files on the system will be a clear indication that your PC is infected with Trojan.Chepdu, as it will drop these files onto the system upon infection:

acleaner.exe
AudioEng32.dll
ComboFix.exe
ei92392.dll
jikd.exe
jn88531.dll

Your personal information is at risk and your virtual identity exposed while Trojan.Chepdu is allowed to roam free on your PC. Get rid of Trojan.Chepdu by investing in a powerful security application which will clean your system of all infections, and provide adequate protection against similar future threats.

Download Spyware Removal Tool to Remove* Trojan.Chepdu
  • Quick & tested solution for Trojan.Chepdu removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.Chepdu

Files associated with Trojan.Chepdu infection:

on29280.dll
if98830.dll
fd42609.dll
rl85058.dll
zy70634.dll
xu51677.dll
tx86583.dll
sn49263.dll
qy46387.dll
pk40435.dll
mv47533.dll
kr84042.dll
hh61626.dll
ex80242.dll
eg38959.dll
kz57389.dll
wins.exe
pcsafedoctor.exe
nv49321.dll
fboyfw.dll
4678.dll
jq75092.dll
xwr31782.dll
xwr45591.dll
qz49708.dll
zk42277.dll
ze40167.dll
xwr82797.dll
xwr82128.dll
xwr32483.dll
wb43218.dll
vk46589.dll
uj41179.dll
rq20132.dll
px94385.dll
pf28788.dll
nh38331.dll
jn88531.dll
ei92392.dll
xwr40834.dll
ndmus0.dll
NltksLIN.dll
ComboFix.exe
taskmgr.exe
jikd.exe
AudioEng32.dll
acleaner.exe
xwr57807.dll
mws97720.dll

Trojan.Chepdu DLL's to remove:

on29280.dll
if98830.dll
fd42609.dll
rl85058.dll
zy70634.dll
xu51677.dll
tx86583.dll
sn49263.dll
qy46387.dll
pk40435.dll
mv47533.dll
kr84042.dll
hh61626.dll
ex80242.dll
eg38959.dll
kz57389.dll
nv49321.dll
fboyfw.dll
4678.dll
jq75092.dll
xwr31782.dll
xwr45591.dll
qz49708.dll
zk42277.dll
ze40167.dll
xwr82797.dll
xwr82128.dll
xwr32483.dll
wb43218.dll
vk46589.dll
uj41179.dll
rq20132.dll
px94385.dll
pf28788.dll
nh38331.dll
jn88531.dll
ei92392.dll
xwr40834.dll
ndmus0.dll
NltksLIN.dll
AudioEng32.dll
xwr57807.dll
mws97720.dll

Trojan.Chepdu processes to kill:

wins.exe
pcsafedoctor.exe
ComboFix.exe
ComboFix.exe
ComboFix.exe
taskmgr.exe
jikd.exe
acleaner.exe

Remove Trojan.Chepdu registry entries:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser HelperObjects{C0A0D84D-C22D-3758-A5F4-0403C5F90D48}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{C0A0D84D-C22D-3758-A5F4-0403C5F90D48}
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.