How to Remove W32.Eternalrocks From PC Effectively

Has your computer been infected with W32.Eternalrocks? Are you getting slow PC performance? Are you noticing changes to your browser's default settings? Is your CPU freezing a lot? Are you having serious trouble browsing the Internet? If “Yes”, then continue reading, as this post aims to provide a complete and easy solution to remove W32.Eternalrocks from your PC.

W32.Eternalrocks

W32.Eternalrocks is yet another terrifying Trojan recently detected by security researchers, and it is capable of affecting all Windows computers. The Trojan horse was detected on May 21, 2017, and an update to it was found later, on May 24, 2017 at 2:17:58 PM. Crooks designed this nasty threat with the sole intention of degrading PC performance and giving cyber criminals access to your PC.

W32.Eternalrocks is known to open a backdoor on the compromised PC that lets hackers access it remotely. It also installs additional malicious programs without notifying you, which further degrades PC performance. On closer analysis, security analysts found that the Trojan spreads by exploiting Server Message Block (SMB) and remote code execution (RCE) vulnerabilities. Leaving it on your computer for a long time is never a good sign, as it is a big threat to system performance and to your privacy.

Soon after getting onto the PC, W32.Eternalrocks hides itself deeply and, once it has been installed and executed, creates the following folders:

  • %ProgramFiles%\Microsoft Updates\Tor\lock
  • %ProgramFiles%\Microsoft Updates\Tor\torrc
  • %ProgramFiles%\Microsoft Updates\Tor\state
  • %ProgramFiles%\Microsoft Updates\SharpZLib
  • %ProgramFiles%\Microsoft Updates\Temp\Data\Tor\geoip6
  • %ProgramFiles%\Microsoft Updates\Tor\hidden_service\hostname

Next, the malicious program creates the following files:

  • %ProgramFiles%\Microsoft Updates\svchost.exe
  • %ProgramFiles%\Microsoft Updates\taskhost.exe
  • %ProgramFiles%\Microsoft Updates\torunzip.exe
  • %ProgramFiles%\Microsoft Updates\Tor\zlib1.dll
  • %ProgramFiles%\Microsoft Updates\required.glo
  • %ProgramFiles%\Microsoft Updates\installed.fgh
  • %ProgramFiles%\Microsoft Updates\SharpZLib.zip

W32.Eternalrocks is an advanced worm that also creates mutexes so that only one instance of the threat runs on the computer. The mutexes created are:

  • {8F6F00C4-B901-45fd-08CF-72FDEFF}
  • 20b70e57-1c2e-4de9-99e5-69f369006912
  • {8F6F0AC4-B9A1-45fd-A8CF-72FDEFF}

Next, to check for updates, the Trojan connects the victim's computer to the following remote location: http://ubgdgno5eswkhmpy.onion/updates/info?id=%computername%&v=1.1.27&download=next. If an update is available, it downloads it from the following remote location: http://ubgdgno5eswkhmpy.onion/updates/download?id=%computername%. W32.Eternalrocks then saves the update to the following location: %ProgramFiles%\Microsoft Updates\taskhost.exe. After this, the worm downloads the Tor browser from the following remote location: https://archive.torproject.org/tor-package-archive/torbrowser/4.0.1/tor-win32-tor-0.2.5.10.zip and saves it at %ProgramFiles%\Microsoft Updates\tor.zip.

After completing all of the steps above, W32.Eternalrocks creates scheduled tasks, i.e. Microsoft Service Host, Microsoft Task Host and Microsoft Tor Host. To allow communication, it creates firewall rules for the following files:

  • %ProgramFiles%\Microsoft Updates\svchost.exe
  • %ProgramFiles%\Microsoft Updates\taskhost.exe
  • %ProgramFiles%\Microsoft Updates\Tor\tor.exe

A firewall rule is also created to block inbound connections to port 445. W32.Eternalrocks is a very dangerous Trojan horse that completely degrades your computer's activities and lets you work neither online nor offline. As soon as you detect this malevolent Trojan on your PC, you must delete W32.Eternalrocks from the computer immediately.
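A read-only way to check a machine for the folders, files, scheduled tasks and firewall rules listed above, as an added example that is not part of the original post. Checking both Program Files locations and matching firewall rules by program path are assumptions of this sketch, and New-Finding is a helper name introduced here.

```powershell
# Added example: read-only triage for the artifacts listed above; deletes nothing.
# Run from an elevated prompt on Windows 8 or later so all tasks are visible.

# Assumption: a 32-bit process on 64-bit Windows resolves %ProgramFiles% to
# "Program Files (x86)", so both locations are checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } |
    Select-Object -Unique | ForEach-Object { Join-Path $_ 'Microsoft Updates' }

# Paths relative to "Microsoft Updates", copied from the lists on this page.
$relative = @(
    'svchost.exe', 'taskhost.exe', 'torunzip.exe', 'tor.zip', 'required.glo',
    'installed.fgh', 'SharpZLib.zip', 'SharpZLib', 'Tor\tor.exe', 'Tor\zlib1.dll',
    'Tor\torrc', 'Tor\lock', 'Tor\state', 'Tor\hidden_service\hostname',
    'Temp\Data\Tor\geoip6'
)
$taskNames = 'Microsoft Service Host', 'Microsoft Task Host', 'Microsoft Tor Host'

function New-Finding($Type, $Detail) { [pscustomobject]@{ Type = $Type; Detail = $Detail } }

$findings = @(
    # 1. Files and folders on disk.
    foreach ($root in $roots) {
        foreach ($rel in $relative) {
            $path = Join-Path $root $rel
            if (Test-Path -LiteralPath $path) { New-Finding 'Path' $path }
        }
    }
    # 2. Scheduled tasks with the names given above, and what they launch.
    Get-ScheduledTask | Where-Object { $taskNames -contains $_.TaskName } |
        ForEach-Object { New-Finding 'Task' "$($_.TaskName) -> $($_.Actions.Execute -join ', ')" }
    # 3. Firewall rules tied to a program under "Microsoft Updates".
    Get-NetFirewallApplicationFilter -All | ForEach-Object {
        $prog = [Environment]::ExpandEnvironmentVariables([string]$_.Program)
        foreach ($root in $roots) {
            if ($prog.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                New-Finding 'FirewallProgram' "$(($_ | Get-NetFirewallRule).DisplayName): $prog"
            }
        }
    }
    # 4. Inbound block rules covering port 445.
    Get-NetFirewallPortFilter -All | Where-Object { $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' } |
        ForEach-Object { New-Finding 'FirewallPort445' $_.DisplayName }
)

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No artifacts from this list were found.' }
```

An inbound block on port 445 can also be a legitimate hardening rule, so treat a FirewallPort445 hit on its own as a lead to investigate rather than proof of infection.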

Manual Steps to Delete W32.Eternalrocks From PC

From Control Panel

If you are using Windows 10

  • Menu >> Settings >> System (double click)
  • Click Apps & Features
  • Select the W32.Eternalrocks related program
  • Click Uninstall after the button appears.

If you are using Windows 8 or Windows 8.1

  • Press the Windows and Q keys together to open the charm box.
  • Type “Control Panel” >> Hit Enter
  • Search for the “Install/Uninstall” program
  • Search for W32.Eternalrocks >> Uninstall it.

If you are using Windows XP/Vista and Windows 7

  • Click on the Start button
  • Go to the Control Panel
  • Select Add/Remove Programs
  • Locate W32.Eternalrocks among the installed programs
  • Uninstall it.

From Task Manager

  • Press the Ctrl + Shift + Esc keys to open Windows Task Manager
  • In Windows Task Manager
  • Click on the Processes tab.
  • Search for the suspicious process that is running
  • Click on End Process.

We hope that by following the steps above you have successfully deleted the W32.Eternalrocks Trojan from your Windows computer. If the same issues continue, you are strongly recommended to make use of Free Scanner.

User Guide To Remove Trojan Using Automatic Scanner

Posted in Trojan.

Edward is young and loves to write about anything new in the computer security category. He always mentions that a Trojan is most dangerous and should be removed from the PC ASAP.
