Jan 14, 2016

How to remove Backdoor:Win32/Gaertob.A

If your computer is behaving oddly, with programs opening and closing without your permission but no apparent file damage, or if your personal accounts (Gmail, Facebook, AOL Messenger, etc.) are no longer under your control, then you are a victim of a Backdoor:Win32/Gaertob.A infection. The Trojan is known to get into computer systems through hacked web pages or previously existing malware. The Trojan copies itself to %windir%\rundll.exe and changes the Windows registry by adding the value Windows Firevall Control C with the data rundll.exe in the subkey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, so that every time you start the computer it starts running and spreading.

It also creates the mutex NMMXM, which makes sure that only one copy of the Trojan runs at a time, so only one copy will be detected. It then creates a batch file named in the format rmme<4 random numbers>.bat to delete its original executable, making it even harder to detect. If a way to remove Backdoor:Win32/Gaertob.A is not found immediately, it will take instructions from hackers and cyber criminals and check for folders such as bearshare\shared\, grokster\my grokster\, icq\shared folder\, edonkey2000\incoming\, emule\incoming\, limewire\shared\, morpheus\my shared folder\, winmx\shared\ and tesla\files\ in the Program Files directory.

Once it has located the folders, it simply drops copies of itself under names like YahooCracker.exe, image.scr, VistaUltimate-Crack.exe, RapidsharePREMIUM.exe, HotmailHacker.exe, LimeWireCrack.exe, MSNHacks.exe and Autoloader.exe. This allows hackers to plant code on the computer that helps them steal confidential information such as banking passwords and credit card details. It also allows them to change Windows security settings, making your computer more vulnerable, or to change your browser settings so that whenever you try to access any website you get redirected to hacked kaspersky-labs.com, ca.com, customer.symantec.com, download.mcafee.com, kaspersky.com etc. You therefore need to remove Backdoor:Win32/Gaertob.A as soon as possible.
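As an added example (not code from the original post), the script below turns the indicators listed above into a simple check: it flags the Run value and rundll.exe data under the named registry key, a rundll.exe dropped in %windir%, the rmme<4 digits>.bat self-delete file, and the lure filenames when they sit in one of the listed P2P share folders. The registry entries and file paths it scans are constructed sample data, and the Temp location of the batch file is an assumption; the write-up does not say where it is created.

```python
import re

# Indicators from the write-up: Run value, dropped file name, self-delete batch
# name pattern, the P2P share folders it looks for and the lure names it drops.
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Windows Firevall Control C"
DROPPED_EXE = "rundll.exe"  # not the legitimate rundll32.exe
SELF_DELETE_BAT = re.compile(r"^rmme\d{4}\.bat$", re.IGNORECASE)
P2P_SHARE_FOLDERS = (r"bearshare\shared", r"grokster\my grokster",
    r"icq\shared folder", r"edonkey2000\incoming", r"emule\incoming",
    r"limewire\shared", r"morpheus\my shared folder", r"winmx\shared",
    r"tesla\files")
LURE_NAMES = {n.lower() for n in ("YahooCracker.exe", "image.scr",
    "VistaUltimate-Crack.exe", "RapidsharePREMIUM.exe", "HotmailHacker.exe",
    "LimeWireCrack.exe", "MSNHacks.exe", "Autoloader.exe")}

def basename(path):
    # Lower-cased final path component; tolerates quoted registry data.
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()

def check_run_entries(entries):
    """entries: (key, value_name, data) triples as exported from the registry."""
    hits = []
    for key, name, data in entries:
        if key.lower() != RUN_KEY.lower():
            continue
        if name == RUN_VALUE_NAME or basename(data) == DROPPED_EXE:
            hits.append((name, data))
    return hits

def check_paths(paths, windir=r"C:\Windows"):
    """paths: file paths from a disk inventory. Returns (reason, path) pairs."""
    hits = []
    for path in paths:
        low, name = path.lower(), basename(path)
        if low == (windir + "\\" + DROPPED_EXE).lower():
            hits.append(("dropped copy in %windir%", path))
        elif SELF_DELETE_BAT.match(name):
            hits.append(("self-delete batch file", path))
        elif name in LURE_NAMES and any(f in low for f in P2P_SHARE_FOLDERS):
            hits.append(("lure copy in P2P share folder", path))
    return hits

# Constructed sample input (not from a real system); the Temp location of the
# batch file is an assumption, the write-up does not say where it is created.
SAMPLE_RUN = [(RUN_KEY, "OneDrive", r'"C:\Users\alice\OneDrive.exe"'),
              (RUN_KEY, RUN_VALUE_NAME, "rundll.exe")]
SAMPLE_PATHS = [r"C:\Windows\rundll.exe", r"C:\Windows\System32\rundll32.exe",
                r"C:\Users\alice\AppData\Local\Temp\rmme4821.bat",
                r"C:\Program Files\LimeWire\Shared\LimeWireCrack.exe",
                r"C:\Program Files\LimeWire\Shared\holiday.mp3"]
```

On a real machine the registry triples would come from `reg export` or the Windows registry API and the paths from a directory walk; the legitimate rundll32.exe and ordinary shared media are left alone.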

The best way to remove each and every dormant or hidden copy of the Trojan, and to cut the remote connection between it and the hackers, is to use a strong, up-to-date Backdoor:Win32/Gaertob.A removal tool like VSKSoft Anti-virus, which will remove the threat and make sure it can never infect the system again.

