Trojan.Avrecon is a Trojan horse that opens a back door on the PCs that it infects, to allow hackers to gain access. It creates the following files and folders on infected systems:
- %AppData%\Mozilla\svchoste.exe
- %AppData%\svchoste.exe
In addition to creating these files and folders, it creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\“wowsys64datecheck” = “1”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\“kereruthjertr456” = “1”
Finding these files and these registry settings is an indication that you are infected with this Trojan. Before removing the infection, back up your registry following the steps here.
Then, remove the infection as follows:
- Press [Windows Key] + [R], type REGEDIT and click OK.
- Navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
- Delete the registry entry: “wowsys64datecheck” = “1”
- Delete the registry entry: “kereruthjertr456” = “1”
- Close the Registry Editor and reboot your PC.
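
The indicators listed above can be checked with a read-only script before and after the removal steps. The PowerShell below is an added example, not part of the original page. The function name `Get-AvreconIndicator` is hypothetical, and the script assumes each user's %AppData% is at the default `AppData\Roaming` location under the profile folder.

```powershell
# Added example: read-only check for the Trojan.Avrecon indicators listed on this page.
# It changes nothing on the system. Run from an elevated prompt so that
# other users' profile folders are readable.

$regKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$valueNames = 'wowsys64datecheck', 'kereruthjertr456'
$relPaths   = 'Mozilla\svchoste.exe', 'svchoste.exe'

function Get-AvreconIndicator {
    $found = @()

    # Registry: report each listed value name that exists, with its data.
    $props = Get-ItemProperty -Path $regKey -ErrorAction SilentlyContinue
    foreach ($name in $valueNames) {
        if ($props -and $props.PSObject.Properties.Name -contains $name) {
            $found += [pscustomobject]@{
                Type     = 'Registry'
                Location = "$regKey\$name"
                Detail   = "data = $($props.$name)"
            }
        }
    }

    # Files: %AppData% is per-user, so check every non-system local profile.
    # Assumption: roaming AppData is <profile>\AppData\Roaming (not redirected).
    $profiles = Get-CimInstance Win32_UserProfile | Where-Object { -not $_.Special }
    foreach ($p in $profiles) {
        foreach ($rel in $relPaths) {
            $path = Join-Path $p.LocalPath (Join-Path 'AppData\Roaming' $rel)
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                # Record a hash so the file can be identified later.
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 `
                         -ErrorAction SilentlyContinue).Hash
                $found += [pscustomobject]@{
                    Type     = 'File'
                    Location = $path
                    Detail   = "SHA256 = $hash"
                }
            }
        }
    }
    return $found
}

$hits = Get-AvreconIndicator
if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else       { 'No Trojan.Avrecon indicators from this page were found.' }
```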