Trojan Horse Sheur2.gnw is a generic detection for a harmful file that is normally used by malware author to spread separate virus infection. The threat was also designed to gather email addresses from the infected system. In addition, Trojan Horse Sheur2.gnw also interfere with your connection to security-related web sites making sure that no updates will be downloaded onto the infected computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista/7
When Trojan Horse Sheur2.gnw is executed, it will connect to specified command and control (C&C) server. When connection is established, the Trojan then downloads a malicious file. This file is hard to identify due to random file name it is utilizing. Trojan Horse Sheur2.gnw then infects certain system files in order to initiate its command each time you start Windows.
There is also an observation that Trojan Horse Sheur2.gnw Trojan is utilized to alter settings of victim’s Internet browser. Effects of these changes can be browser redirection, search result hijacking, and unknown home page setting. However, search result hijacking is apparent to most victims. Report shows that after using Google to search the web, user will be redirected to unknown web site after clicking on any of the result. This however leads to an income generating action. The landing page delivers advertisements that when clicked or viewed will earn a profit for the referrer.
Trojan Horse Sheur2.gnw normally spreads on spam email messages. It is attached to an email with deceptive messages prompting recipient to open the file. When executed, Trojan Horse Sheur2.gnw checks the computer for installed antivirus program and disable it.
Signs and Symptoms of Trojan Horse Sheur2.gnw Infection:
Trojan Horse Sheur2.gnw will disable your antivirus program
Once a Trojan infects a computer, it has a tendency to lower security settings and disable firewall and antivirus program. Trojan Horse Sheur2.gnw carry out this task to ensure that antivirus software will not respond on the attack.
Blocks Internet access to security web site
Trojan Horse Sheur2.gnw attacks the center of the security system. Aside from disabling antivirus software, this Trojan also blocks your access to security web site to prevent downloading of any removal tools.
Presence of Trojan Horse Sheur2.gnw reduces PC's performance
Trojans are known to reside in the memory, thus, it can consume resources that can cause computer to slow down. There are cases that infected computer crashes due to insufficient resources.
Other Functions of Trojan Horse Sheur2.gnw:
- Trojan Horse Sheur2.gnw can communicate to a remote server to download more threats
- It can infect executable files on the local and network drives
- This hazardous Trojan can connects to a distant server to update its configuration
- Some variants of Trojan Horse Sheur2.gnw can destroy system files making the computer unstable
- This Trojan can allow a backdoor entry for an attacker to control the infected PC
How to Remove Trojan Horse Sheur2.gnw
Step 1 - Run a thorough scan using your antivirus program
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definitions. This method ensures that your antivirus program can detect even newer variants of Trojan Horse Sheur2.gnw
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- System will boot Windows loading only necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete please proceed with the next step.
Step 2 - Double-check with Online Virus Scanner
Another way to remove Trojan Horse Sheur2.gnw without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.