Trojan Horse SHeur.CODS

Trojan Horse SHeur.CODS is a computer worm that propagates on fixed disk drives and removable USB drives. This type of threat may infect drives through an autorun.inf file it creates, which runs a command each time the drive is accessed. Malicious files are copied to any drives attached to the infected computer. Using this technique, Trojan Horse SHeur.CODS spreads a copy of its code to a clean PC when an infected drive is attached to it.

Usually, Trojan Horse SHeur.CODS drops an autorun.inf file that runs the code each time the user accesses the drive. The core file, which is the main code containing the malicious script, is also dropped on the computer but is set as hidden to conceal its presence and evade antivirus programs.

This worm attempts to take advantage of Windows' Autorun function. Through this function, drives inserted into the computer run instantly, so if a drive is infected with Trojan Horse SHeur.CODS, the worm runs as well. When loaded, the worm looks for any devices attached to the PC and infects them too. The same worm code and autorun.inf file are dropped on the target device. Using the infected device on a clean PC may cause the same infection routine.

Characteristics:

Trojan Horse SHeur.CODS is a harmful type of threat that normally spreads on local fixed and removable drives. It may drop malicious executable files in the form of .VBS, .EXE, .SCR, or .BAT. The file runs automatically when the user accesses the drive or folder containing the worm. Trojan Horse SHeur.CODS exploits a weakness in the Windows autorun function by dropping an autorun.inf file to initiate its executable.

Symptoms:

Anti-virus or any other installed security program will send an alert once Trojan Horse SHeur.CODS is detected on the computer. Aside from that, the presence of unknown and suspicious autorun.inf and executable files on drives and in folders also indicates that the computer is infected with this worm.
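
A drive can be checked for this symptom by reading its autorun.inf and listing the entries that launch a program. The Python example below is added here and is not part of the original article; it assumes the standard autorun.inf launch keys (open, shellexecute, shell\verb\command), uses the extension list given under Characteristics, and runs on constructed sample content.

```python
import re

# Extensions the article lists for files this worm drops.
SUSPECT_EXT = (".vbs", ".exe", ".scr", ".bat")
# autorun.inf keys that make Windows launch a program: open, shellexecute,
# and shell\<verb>\command (matched case-insensitively).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment, sometimes used as padding
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found


def suspicious_entries(text):
    """Keep launch entries whose command names a file with a listed extension."""
    hits = []
    for key, command in launch_entries(text):
        # Check every token so "interpreter script.vbs" style commands are caught.
        tokens = re.split(r'[\s"]+', command.lower())
        if any(tok.endswith(SUSPECT_EXT) for tok in tokens if tok):
            hits.append((key, command))
    return hits


# Constructed sample content, not taken from a real infection.
SAMPLE = """\
; padding line
[AutoRun]
OPEN=hidden\\payload.exe
shell\\open\\Command=hidden\\payload.exe
icon=drive.ico
label=Backup
"""

if __name__ == "__main__":
    for key, command in suspicious_entries(SAMPLE):
        print(f"suspicious {key}: {command}")
```

Legitimate installer media also use open= with an .exe, so a hit on a USB stick or data partition is a reason to inspect the referenced file, not proof of infection.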

Other Functions of Trojan Horse SHeur.CODS:

  • Trojan Horse SHeur.CODS may severely affect fixed drives and removable drives
  • The worm can steal sensitive data from the infected computer
  • Trojan Horse SHeur.CODS can download and execute other threats
  • This hazardous worm may corrupt system files on the computer
  • This threat can connect to a remote server and update its components

How to Remove Trojan Horse SHeur.CODS

1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as default only.

4. Before the installation completes, check on the following prompts:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

5. Click Finish. The program will run automatically and you will be prompted to update it before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the Show Results button.
8. Make sure that all detected threats are marked, then click on Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download this program on a different computer and rename it before running it on the infected system.

9 Comments

  1. webmaster (Post author)

    Please see removal discussion on resycled/boot.com

  2. revanthstar

    achc

  3. Rajhlinux

    OMG THANK YOU !!!!!!!!!!!!! SO MUCH !!!! FLASH DISINFECTOR WORKED FOR ME !!!!!!!!! I HAVE 5 Drives !!! and, all the time when I would open one of them, something popped out that would say “resycled/boot.com is not a valid Win32 application” I did so much research and googling, nothing would work good and last stop I had hope with FLASH DISINFECTOR which actually worked ! go to this web site: “http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe” and download this !!! Run it !! and everything would be perfect…This program might make your background icons disappear, but don’t worry after a few seconds everything will come back and all your drives would be fixed!!! THANK YOU FLASH DISINFECTOR !!! :) :) :) :)

  4. Rene

    Thank God 4 Desinfector…
    100% works in a few seconds :-)
    Thanx

  5. can

    thank you….

  6. Anonymous

    Desinfector didn’t work for me…

  7. Radek

    Desinfector works perfect!!!

  8. ajay raina

    Can you give me a proper guide to removing viruses in registries?

  9. ggia

    AdAware (Lavasoft) and AVIRA did not detect “resycled/boot.com is not a valid Win32”, but Malwarebytes’ Anti-Malware did. MA-M is a small, fast, freeware program.
