Ahsan Virus

Ahsan Virus is a definition for malware with remote access capability. This particular version can allow a remote attacker to gain control of the infected computer through a backdoor. The Trojan frequently communicates with a remote server to download other malware that it can drop and execute on the victim's machine.

When executed, Ahsan Virus modifies the Windows registry directly. It adds certain values in order to disable the warning messages that Windows displays each time an illegal activity occurs on the system. In the same way, the Trojan reduces the security settings of Internet Explorer as well as of the operating system. As a result, the user may be prone to any virus attack while Ahsan Virus is present.

Like most Trojans, Ahsan Virus will create a registry entry to run itself on Windows start-up. It may also inject harmful code into valid processes typically running on the Windows operating system.
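
As an added example (not part of the original article), a read-only PowerShell audit of the registry locations involved. The policy values and file names are the ones given in the removal steps in the comments on this page; the two Run keys are the standard Windows start-up keys, assumed here as the place to look for the start-up entry.

```powershell
# Added example: read-only audit. It reports findings and changes nothing.
$cv = 'Software\Microsoft\Windows\CurrentVersion'

# Value names and data come from the removal steps in this page's comments.
$nonZero = { param($v) $v -ne 0 }
$checks = @(
    @{ Key = "HKCU:\$cv\Policies\System";   Name = 'DisableRegistryTools'; Flag = $nonZero }
    @{ Key = "HKCU:\$cv\Policies\Explorer"; Name = 'NoRun';                Flag = $nonZero }
    @{ Key = "HKCU:\$cv\Policies\Explorer"; Name = 'NoFolderOptions';      Flag = $nonZero }
    @{ Key = "HKLM:\$cv\Policies\Explorer"; Name = 'NoFolderOptions';      Flag = $nonZero }
    # SHOWALL\CheckedValue is expected to be 1; anything else is reported.
    @{ Key = "HKLM:\$cv\Explorer\Advanced\Folder\Hidden\SHOWALL"; Name = 'CheckedValue'
       Flag = { param($v) $v -ne 1 } }
)

$findings = @(foreach ($c in $checks) {
    $key = Get-Item -LiteralPath $c.Key -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }                 # key absent: nothing is set
    $data = $key.GetValue($c.Name, $null)            # $null when the value is absent
    if ($null -ne $data -and (& $c.Flag $data)) {
        [pscustomobject]@{ Finding = 'Restriction or altered setting'
                           Key = $c.Key; Name = $c.Name; Data = $data }
    }
})

# File names the comments tell readers to search for, matched as whole file
# names so that e.g. "filesystem.exe" is not reported.
$namePattern = '(^|[\\" ])(system\.exe|csrss\.exe|Home video)'

$findings += @(foreach ($run in "HKCU:\$cv\Run", "HKLM:\$cv\Run") {
    $key = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match $namePattern) {
            [pscustomobject]@{ Finding = 'Start-up entry matches a listed file name'
                               Key = $run; Name = $name; Data = $data }
        }
    }
})

if ($findings.Count -eq 0) { 'No listed indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```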

Then, the Trojan tries to contact a command and control (C&C) server through an HTTP request using a configured port. During analysis, it was discovered that most of the C&C servers provide remote commands for this threat, giving an attacker full control of the compromised PC.

Characteristics:

Ahsan Virus allows a remote attacker to control the infected computer. It was also made to gather sensitive data like user name, password, and other vital software and hardware information. This Trojan is also capable of upgrading itself by contacting a remote server to download file updates.

Symptoms:

Backdoor Trojans are known for their capability to take control of an infected PC. Normally, this threat chews system resources more than any other threat. Thus, the user may see a sudden reduction in system performance as well as a slow Internet connection.

How to Remove Ahsan Virus

1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as default only.

4. Before the installation completes, check on the following prompts:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

5. Click Finish. The program will run automatically and you will be prompted to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the Show Results button.
8. Make sure that all detected threats are marked, then click on Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on the infected system.

9 Comments

  1. ishaque

    I found the Ahsan Computer virus in my PC. Please let me know how to remove it from the PC.

  2. Hassan

    I found Ahsan’s Computer virus in my PC. Please let me know how to remove it from the PC.

  3. Nasir Javed

    for all those who download HWK “emu” and now they have “Ahsan Khan” all around desktop or in my computer, tray, clock…
    don’t be afraid
    it’s not a worm or virii.. it’s just a registry change.
    so..
    follow these steps:

    start-run

    type regedit
    backup ur registry files

    press F3 or FIND

    type Ahsan and press enter

    delete keys with Ahsan Khan in it.
    warning!
    ::::: DON’T DELETE KEYS WHERE THE CLOCK IS! :::::
    just click twice and remove Ahsan Khan from the key

    best regards!

  4. ahmad

    mr. nasir

    when i try to go to regedit

    it closes automatically

    ahsan virus is more stronger
    can u solve out???

  5. fazal

    I have got the GW Bush virus in my sys and flash drive. Has anyone got a treatment for it?

    Thks

  6. Angel

    My Fujitsu laptop also got the virus. I have tried to reformat so many times but it keeps on coming after a while. Can anybody help me? Please…….

  7. Ryan

    I. Log in to safe mode as Administrator:
    Create and save files named “Home Video.exe” and “csrss.exe” in all drives with 0 KB (if you can’t do it within 5 seconds, do it from bootable media)
    —-You can’t ignore this step—-
    Stop system.exe and userinit using Task Manager before it gets closed
    Run RRT and disable virus effects: check all tick marks and press ‘Remove’
    Virus is out; if your cmd.exe is enabled now, take the command prompt from %system32%\cmd.exe
    Open regedit, search and delete all entries with his name “Ahsan”, his site 110mb.com and that GW Bush
    Enable “Run”:
    Take regedit: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and delete NoRun make the same with value 0
    Even now, if you are not able to handle the situation, do SDFix
    That’s it !!

    ===========================================
    II. (Other Option)
    1. Start Windows in safe mode with command prompt (user: admin, preferably a user other than the one attacked).

    2. Use RRT Tool to enable Run, if disabled.

    3. Enable registry editing, if disabled, with the following reg key.
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

    4. Open regedit, search and delete all entries with name “Ahsan”, site 110mb.com and Bush.

    5. If your folder option is disabled, enable it with the following reg key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Check if a DWORD value named NoFolderOptions exists in the pane on the right hand side of the screen. Delete it.

    6. If you are still unable to view the hidden files, which is disabled by the virus, enable it with the following procedure and key.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value “Hidden”. Right-click it and modify it to 1. If the key value Hidden is not present, create it.

    7. Check the following registry values and set the values given below in each registry key.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
    "CheckedValue"=dword:02
    "ValueName"="Hidden"
    "DefaultValue"=dword:02

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
    "CheckedValue"=dword:01
    "ValueName"="Hidden"
    "DefaultValue"=dword:02

    8. Now enable “show all hidden files / Hidden system files and folders”, and search for the following files and delete them all.
    system.exe
    csrss.exe
    Home video.avi.exe
    autorun

    Note: these files will be in parent drives (D:, C:) and in windows folder.

    9. Now you are done!

  8. Ryan

    oops,,sorry….just copied it from other sites but it works…just remove it…thanks…

  9. BACH

    I downloaded ProcessExplorer.zip. After running it, the virus must be gone.
