What is bill104.exe, How to remove bill104.exe
bill104.exe is a harmful program.
 |
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: bill104
Filename: bill104.exe
Registry key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: %Windir%\bill104.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [sysfbtray] C:\windows\bill104.exe
DDS Line:
mRun: [sysfbtray] C:\windows\bill104.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\bill104.exe
Description: new variant of koobface worm
How to remove: use these koobface removal instructions.
March 20th, 2010 at 8:31 pm
I have manually removed the bill104 evidence from my registry and folders and restarted but seem to be experiencing browser hijacking. In fact, my browser indicates the link “koobface removal” instructions, from your site at: http://htlogs.com/what-is-bill104-exe-how-to-remove-bill104-exe/ is broken and will not access. I also can not update spybot or my virus scan program (avast!) as these seem to be blocked somehow and will not access their servers. HiJack This no longer shows evidence but my computer’s response indicates otherwise. Is there any help? Thanks,
Rod
March 21st, 2010 at 12:52 am
Rod, probably your computer is infected with a variant of TDSS trojan-rootkit. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and run TDSSKiller. Follow the prompts.
March 21st, 2010 at 10:50 am
Admin: Unfortunately TDSSKiller do not help, I am helping a friend with the same virus.
March 21st, 2010 at 11:22 am
I am having the same problem as Rod. I removed it from my registry and still cannot get rid of it. It will not let me access your TDSS trojan-rookit. Says link is broken. Help
March 21st, 2010 at 1:29 pm
Hi Rod,
I am also having the same problems that you discribed with this virus. How did you get on with removing it?
Any advise would be brill.
Regards
March 21st, 2010 at 3:30 pm
Doh! I missed this instruction: http://www.myantispyware.com/2009/11/22/how-to-remove-koobface-worm/
So, I followed this instruction but when you come to Step 2 you have to install the program (I downloaded it from another computer and used an USB-stick). Then download http://mbam.malwarebytes.org/database/mbam-rules.exe , because the virus stops you to update from the program. Install and do a full scan and reboot when it is done.
Then, open the Malwarebytes’ again and update from the internet so you get the latest database and scan again. You’ll find some more and then reboot. After that I could surf on the internet normally again.
March 22nd, 2010 at 2:38 am
I am having the same problem. I have a second computer that I downloaded tools on to transfer to infected computer. I did everything on the instructions. I tried the TDSSKiller as well and it did not find anything. I can not update virus definitions on any of my software or go to any sites that have information for getting rid of this thing. Malwarebytes found and removed it, but the definitions are old and cannot be updated. What else can I do?
March 22nd, 2010 at 4:07 pm
Run in Windows Safe-Mode to download, install, update definitions and run Malwarebtyes. The koobface worm does not occur in Windows Safe-Mode. I tried several Spyware removal programs and Malwarebytes with the latest definitions was the one that resovled this problem for me.
March 25th, 2010 at 6:46 pm
Nothing happens when I run Malwarebytes. It installs…and does nothing. But then it doesn’t exist on my computer when installed. But when I ran the first part of the instructions as recommended before running the Malwarebytes, it rebooted my computer, and now I can only start it in safemode. The stupid removal program is worse than the virus! I just went in a manually found and deleted the bill104.exe from my computer, and that seemed to have worked. Now I just have to figure out how to undo what the stupid malware crap did to my computer.
March 26th, 2010 at 6:39 am
Megs, now you can`t boot in Normal mode ? What shows your PC when you trying it ?