December 26, 2009

How to Remove CCA3\E3X3\acx3.exe Virus (Trojan.Win32.Agent)


What is CCA3\E3X3\acx3.exe Virus?

A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

Alias: 

Trojan.Win32.Agent.decy [Kaspersky Lab]
Trojan.Win32.Agent [Ikarus] 

Symptoms of Infection.  
1.The following directories were created:

c:\CCA3
c:\CCA3\E3X3

2.The following Registry Key was created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-KKX5-457QWE23218}  

The newly created Registry Value is:  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-KKX5-457QWE23218}] StubPath = "c:\CCA3\E3X3\acx3.exe"
so that acx3.exe runs every time Windows starts

3.It modifies the Personalised Settings


4.Creates msupdate.exe and update.exe in C:\Documents and Settings\user directory


5. Some time it creates update.exe in C Drive.



6.Creates a Pseudo Dial up connections in Network Connections with the name a-connect,z-connect and it disconnects original dialup connection repeatedly.



Steps to Remove CCA3\E3X3\acx3.exe Virus   
1.Press Alt+Ctrl+Del.....Task Manager opens go to Process End Explorer.exe by Clicking end Process button



2.Go to File Click on Run



3.Type cmd in Run Box....Press Enter Command Prompt Window opens



4.Then Type the Following Command if you find Difficulty refer figure below
 

C:\Documents and Settings\user> Type cd\ Press Enter
C:\> Type attrib -h -r -s CCA3 Press Enter
C:\ CCA3>Type CD E3X3 Press Enter
C:\CCA3\E3X3\> type dir to acess E3X3 Directory
C:\CCA3\E3X3\> type del acx3.exe
C:\>Type Del CCA3 (Repeate only this command three times until Virus gone) 

Ask for delete Confirmation Press Y 
C:\>Type Del CCA3
Ask for delete Confirmation Press Y
C:\>Type Del CCA3 

If you got message Could not Find C:\CCA3.exe ,Operation is Success Virus Should Be Gone!



5.Now it is the time for deleting other dangerous created by Virus



a)Delete CCA3 Folder you can observe in C drive.If you able to find msupdate.exe in C drive you can delete that file also.

b)Delete msupdate.exe and update.exe from user C:\Documents and Settings\User

c)Delete Dialup connections Like a-connect,z-connect from Network Connection

d)Then delete the registry created by Virus.If you find difficulty you can use registry cleaners like Glary Utilities, or CCleaners etc.


Now your Computer is Happy......
If you think i am helped to solve your issue.Leave a Comment below

1 comment: