How To Remove Flashy.exe Virus

A reader of Technize asked me how to remove the flashy.exe virus. First of all, let’s see what exactly flashy.exe is. It is a backdoor trojan for the Windows platform that tries to take control of the infected system. It runs a telnet server on the infected computer and changes the administrator password to “hacked”.
When first run, it copies itself to:
    <Startup>\systemID.pif
    <System>\Flashy.exe
The following registry entry is created to run Flashy.exe on startup:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Flashy Bot = <System>\Flashy.exe
It changes the following registry value:
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    Start = 4
It disables Folder Options, sets hidden files to true and hides file extensions.
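The file and registry indicators listed above can be checked without changing anything on the system. The PowerShell script below is an added example, not part of the original article or of the remover tool. Checking both the current-user and all-users Startup folders, and the 32-bit locations (SysWOW64, Wow6432Node) on 64-bit Windows, is an assumption about where <Startup> and <System> resolve.

```powershell
# Added example: read-only check for the Flashy.exe indicators listed above.
# It only reports what it finds; it does not delete or modify anything.
$findings = @()

# 1. Dropped copies. <System> and <Startup> are resolved for the native and
#    32-bit system folders and for the current-user and all-users Startup
#    folders (assumption: the article does not say which ones are used).
$candidates = @(
    @{ Folder = 'System';        File = 'Flashy.exe'   },
    @{ Folder = 'SystemX86';     File = 'Flashy.exe'   },
    @{ Folder = 'Startup';       File = 'systemID.pif' },
    @{ Folder = 'CommonStartup'; File = 'systemID.pif' }
)
foreach ($c in $candidates) {
    $dir = [Environment]::GetFolderPath($c.Folder)
    if (-not $dir) { continue }
    $path = Join-Path $dir $c.File
    # -Force so hidden or system files are still found.
    if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
        $findings += "File present: $path"
    }
}

# 2. Autorun entry: value "Flashy Bot", or any value whose data names Flashy.exe.
#    Wow6432Node receives a 32-bit process's HKLM\SOFTWARE writes on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -eq 'Flashy Bot' -or $data -match '\\Flashy\.exe') {
            $findings += "Run entry in ${k}: '$name' = $data"
        }
    }
}

# 3. SharedAccess service start type. 4 = disabled; an administrator may also
#    have set this deliberately, so treat it as supporting evidence only.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess'
$svc = Get-ItemProperty -LiteralPath $svcKey -Name Start -ErrorAction SilentlyContinue
if ($svc -and $svc.Start -eq 4) {
    $findings += 'SharedAccess service: Start = 4 (disabled)'
}

if ($findings.Count -eq 0) {
    'None of the listed Flashy.exe indicators were found.'
} else {
    $findings | Select-Object -Unique
}
```

A clean result covers only the indicators named in this article; it does not rule out other malware on the machine or infected copies on removable drives.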
How To Remove It?
Just download the following flashy.exe remover and run it. It will get rid of the culprit. It is recommended that you run this tool in safe mode.
Technical Names Given By Security Companies:
BackDoor-DIY [McAfee]
W32/Glupzy-B [Sophos]
WORM_FLASHY.B [Trend Micro]
Trojan.Win32.Disabler.i [Kaspersky Lab]
Email-Worm.Win32.Brontok.N [Ikarus]
Win32.Virut.Gen.5 [PC Tools]
Backdoor:Win32/Glupzy.A [Microsoft]
Trojan.Win32.Disabler.al [Kaspersky Lab]
W32/Vetor-A [Sophos]
W32/Virut.gen [McAfee]
Trojan.Disabler.E [PC Tools]
Virus.Win32.Virut.n [Kaspersky Lab]
Virus:Win32/Virut.AE [Microsoft]
Win32.Dzan.A [PC Tools]
Mal/HckPk-C [Sophos]
Mal/Packer [Sophos]
PE_VIRUT.XL [Trend Micro]
PE_VIRUT.XP [Trend Micro]
PE_VIRUT.XS [Trend Micro]
TROJ_DISABLER.AD [Trend Micro]
Trojan.Disabler!sd5 [PC Tools]
Trojan.Disabler.O [PC Tools]
Trojan.Disabler.T [PC Tools]
Trojan.Win32.Agent.kkh [Kaspersky Lab]
Trojan.Win32.Disabler.i [Ikarus]
Trojan.Win32.Disabler.x [Kaspersky Lab]
Trojan:Win32/Patched.AF [Microsoft]
Virus.Win32.Virut.q [Kaspersky Lab]
Virus:Win32/Virut.AF [Microsoft]
Virus:Win32/Virut.K [Microsoft]
W32/Glupzy-C [Sophos]
[Reference]



34 responses to “How To Remove Flashy.exe Virus”

  1. miandad

    buddy, this software did not work…
    when i try to start the scan, the software disappears……

    1. Sanix

      miandad, it is working perfectly on my end. Please check again. If it’s not working then please post the HijackThis log of your system here so that we can see what problems exist in your system. To learn how to use HijackThis, please see here.

  2. miandad

    thx for the reply sir “Sanix”
    my task manager and regedit are blocked by the virus and when i try to install the hijack software the computer hangs….. i even installed Smart Virus Remover but it cannot get task manager back…
    sorry for my english

    1. Sanix

      miandad, the virus seems to be paralyzing your system. Please scan the system with an online virus scanner. You can find some online virus scanners here.
      And after complete scanning and removal of the virus, please install a real-time antivirus on your system. You can have a look at some free antivirus software here.
      After your system is completely clean from the virus, run smart virus remover to restore your default Windows settings like enabled task manager, registry editor etc.
      If you have any problem, please let me know.

  3. Cecilia

    My camera’s memory and the usb on which I saved my pictures got infected with this from a computer in Thailand. I’m too scared to connect these to my computer, so now I’m just looking up the possibilities to remove this evil trojan. Is it possible to restore the hidden files or are they gone forever? What happens if I connect the memory to a Mac?

    1. Sanix

      Cecilia, sure you can restore all your Windows settings. The following articles explain how you can re-enable Folder Options and show hidden files:
      Folder Options Missing
      Show Hidden Files And Folders Not Working?
      Download Smart Virus Remover To Restore All Windows Settings

      Please try these options and tell me about the results. If you’re still not able to get your folder options back, then we can do other steps.

  4. Roselle

    hi i think i have this virus on my flash drive which infected my files and PC. it converted all my file folders to applications. All my file folders are .exe! I cannot open them. When I scanned it through AVG, it showed a Worm32/Dzan.B. They are all over my important files. How do I remove the infection and can I still rescue my files because they are important reports I need for work. Thanks, help is highly appreciated.

  5. bino

    hello, i have the flashy in my mp3 player, it made all my folders “read only”, i downloaded the remover, but it seems to scan only my drive c, how do i make it work on the player/usb? thanks!

  6. sivvy

    mr.sanix
    please help me
    this stupid malware affected my flashdrive and all my important folders have .exe extensions now
    i am a degree student and the loss of any of the information would be very disruptive to my studies
    how do i remove it without getting any of my information deleted??
    this flashy remover seems to be executing only on the c drive, how do i make it execute on other drives?

  7. tinashe

    cannot view hidden folders. how can i do it using the command prompt and how can i view the virus using the command prompt?

  8. albert

    my newly bought 5800 nokia was affected by this virus! How could I possibly remove the flashy from the flash drives that were affected too? Will I be reformatting the external drives affected by it? Pls. Help me…. Thanks! Ü

  9. lutfiraffi

    thanks bro.. you save my day… i’m going to promote your site… 🙂

    1. Sanix

      lutfiraffi, glad to know it solved your problem.

  10. nad

    hi. i’ve run the flashy removal in safe mode as suggested. is there any way to check whether it’s working or not? i mean is the flashy thing really gone?
    thx!

  11. Richard Smith

    Hi,
    I downloaded the hackthis software and it seems to be working. However, I noticed that the flash.exe virus was spreading to my important documents and since the software permanently deletes infected folders and files, I thought of asking for an alternative to save my files and folders.
    Please send me a reply as soon as possible and thanks for your wonderful software.
    Richard smith.

    1. Sanix

      Richard, you should immediately scan your computer for viruses. It’s possible that you may have viruses other than flashy.exe. So please scan your computer with an online virus scanner. You can find some online scanners here:
      http://www.technize.com/2007/06/27/free-online-virus-scanners/
      And I would strongly recommend that you install a real-time antivirus on your system so that your system remains protected all the time. Here is some free antivirus software:
      http://www.technize.com/2008/09/26/top-5-free-antivirus-software/

  12. Richard Smith

    hello there,
    I was just wondering if I could get a script on the usage, effect and application of the hackthis software.

  13. Chris

    I used your tool in safe mode on windows vista.
    It did not remove the flashy.exe
    any suggestions?

  14. dior

    how can i remove the flashy on my flash drive…?

  15. dior

    how can i remove the flashy on my flash drive? because it keeps on coming back…..

  16. Neang

    When I download and install it, it can’t remove the virus on flash because it doesn’t have a path to choose. show You can tell me how can I remove the virus from USB.

  17. Pellumb

    Try to fix it with the RRT program… with this one you will be able to remove a lot of worms and Trojans…

  18. Amit

    Hi,
    Support required for removing a virus that creates number of subfolder in folders.
    Thanks
    Amit

  19. skoal

    after i installed flashy remover, why is it that i cannot use my flash drive anymore? every time i insert my flash drive, my PC restarts.
    how can i remove the flashy remover from my PC?
    thank you

  20. pramod

    Logfile of Advanced SystemCare 3 Security Analyzer
    Scan saved at 6:13:06 PM, on 7/22/2009
    Platform: Windows XP (WinNT 5.1)
    MSIE: Internet Explorer v6.0 (6.0.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\UAService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 – BHO: (no name) – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – (no file)
    O2 – BHO: (no name) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 – BHO: (no name) – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 – BHO: XBTBPos00 – {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} – (no file)
    O2 – BHO: XBTBPos00 – {C08DF07A-3E49-4E25-9AB0-D3882835F153} – C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
    O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 – Toolbar: (no name) – {12F02779-6D88-4958-8AD3-83C12D86ADC7} – (no file)
    O3 – Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
    O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
    O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 – HKCU\..\Run: [Advanced SystemCare 3] “C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe” /startup
    O4 – HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 – HKLM\..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
    O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 – HKLM\..\Run: [NBKeyScan] “C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe”
    O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
    O4 – HKLM\..\Run: [LGODDFU] “C:\Program Files\lg_fwupdate\fwupdate.exe” blrun
    O4 – HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 – HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 – Service: Canon Camera Access Library 8 (CCALib8) – Canon Inc. – C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 – Service: InCD Helper (InCDsrv) – Nero AG – C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 – Service: NBService – Nero AG – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 – Service: Nero Registry InCD Service (NeroRegInCDSrv) – Unknown – C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe
    O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 – Service: Cyberlink RichVideo Service(CRVS) (RichVideo) – Unknown owner – C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 – Service: ServiceLayer – Nokia. – C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 – Service: SecuROM User Access Service (UserAccess) – Unknown – C:\WINDOWS\system32\UAService.exe

  21. Aix

    how can I remove the flashy.exe on my mobile phone?please help me

  22. BING

    gud day!
    my computer was infected with virus, i don’t know what type of virus is it. i cannot use nod, hijackthis, flash disinfector. tried the flashy remover but still, it doesn’t work.. please help.. just formatted my computer and now i’m infected again….
    thank you…

  23. BING

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:42:41 PM, on 12/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\bugoilen\bungo659.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\DOCUME~1\pibm\LOCALS~1\Temp\winprbcqi.exe
    C:\DOCUME~1\pibm\LOCALS~1\Temp\winhsrj.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
    E:\InstallNavi.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTFBP.EXE
    C:\Program Files\Registry Mechanic\regmech.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [\\SERVER2\EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU “C:\DOCUME~1\pibm\LOCALS~1\Temp\E_S12.tmp” /EF “HKCU”
    O4 – HKCU\..\Run: [EPSON TX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE /FU “C:\WINDOWS\TEMP\E_S81.tmp” /EF “HKCU”
    O4 – HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
    O7 – HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) – Apple Computer, Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
    O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 – Service: ut785478iy (xxm56yt7ut) – – C:\Program Files\Common Files\bugoilen\bungo659.exe

    End of file – 2240 bytes

  24. P!NGU

    Can any 1 tell me which virus or trojan…. is this: “which changes the attributes of a folder to hidden and then creates a similar exe file with an icon of a folder which looks scrambled ….it also disables ur folder options. iS IT FLASHY? If not then which virus is it and how to remove it?

  25. P!NGU

    SAD>>>>NO REPLIES 🙁

  26. sonia19

    Bifrose.AJ and msmssgs.exe easy remove

  27. mikaru

    gud day
    it helped me remove the virus on my pc
    but my memory card got corrupted (i think)
    my pc can’t read my memory card anymore
    even if i try to format it….
    it happens when i got that flashy virus..
    is there any way i can restore my card back…?
    thanks in advance…!!!!

  28. azizi

    when i scan my computer with this flashy remover it shows “error killing process error code is: (603)”

  29. Sheehan

    Hi, i followed the instructions but when i went to open the flashy remover the file is zipped and won’t open?? Thanks for your help!