BackDoor-Spyeye
What is BackDoor-Spyeye?
BackDoor-Spyeye is a backdoor Trojan that allows unauthorized remote access to the victim's computer. An infection also downloads additional harmful files, logs keystrokes, and performs bot functions.
| Type | Trojan |
| Sub-Type | Rootkit |
| Aliases | Trojan-Spy:W32/Spyeye.A, Trojan.Spyeye, Trojan:Win32/Spyeye, Win32/Spy.SpyEye.B |
| OS Affected | Windows |
| Detected By | McAfee |
What are the Symptoms of BackDoor-Spyeye Infection?
It modifies the Windows Registry and adds the following entry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  cleansweep.exe = "C:\cleansweep.exe\cleansweep.exe"
The threat will drop the following malicious files:
- %SystemRoot%\CleanSweep.exe
- %SystemRoot%\CleanSweep.exe\Config.bin
- %SystemRoot%\CleanSweep.exe\CleanSweep.exe
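The registry entry and dropped files listed above can be checked with a short read-only PowerShell script. This is an added example, not part of the original page or any vendor tool; it goes beyond the single HKCU entry by checking the Run key of every loaded user hive, which is an assumption about where else the entry might appear.

```powershell
# Added example: read-only check for the indicators listed on this page. It changes nothing.
$indicator = 'cleansweep.exe'   # value name and file name given on the page
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$findings  = @()

# Run keys: the page names HKCU; every loaded user hive is checked here
# (assumption: other logged-on accounts may carry the same entry).
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
foreach ($hive in $hives) {
    $key = Get-Item -LiteralPath "Registry::$($hive.Name)\$runSubKey" -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # Flag the value name itself, or any autorun command that references the file name.
        if ($name -ieq $indicator -or $data -match [regex]::Escape($indicator)) {
            $findings += [pscustomobject]@{
                Kind = 'RunValue'; Location = $key.Name; Item = $name; Detail = $data
            }
        }
    }
}

# Dropped files from the page, plus the path used in the Run value data.
$paths = @(
    (Join-Path $env:SystemRoot 'CleanSweep.exe'),
    (Join-Path $env:SystemRoot 'CleanSweep.exe\Config.bin'),
    (Join-Path $env:SystemRoot 'CleanSweep.exe\CleanSweep.exe'),
    'C:\cleansweep.exe\cleansweep.exe'
)
foreach ($path in $paths) {
    # -Force includes items carrying the Hidden or System attribute.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $detail = 'directory'
    if (-not $item.PSIsContainer) {
        # Record a SHA-256 so the file can be compared against vendor detections.
        $detail = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    $findings += [pscustomobject]@{
        Kind = 'Path'; Location = $item.FullName; Item = $item.Name; Detail = $detail
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No listed BackDoor-Spyeye indicators found.'
}
```

The page classifies this threat as a rootkit, so a check run on the live system can miss hidden entries; running it in Safe Mode, as in the removal steps, gives a more reliable result.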
How to Remove BackDoor-Spyeye Manually
1. Connect to the Internet and update your antivirus program.
2. Reboot the computer in Safe Mode:
- Before the Windows logo appears on bootup, press F8 on the keyboard.
- On the menu, select Safe Mode with Networking.
3. After booting in Safe Mode, run a complete scan with your antivirus program.
4. Open an Internet browser, search for a legitimate online virus scanner (Symantec, TrendMicro, etc.), and run a complete scan.
5. Restart the computer.