What is bill107.exe, How to remove bill107.exe


bill107.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bill107
Filename: bill107.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\bill107.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\bill107.exe

DDS Line:

mRun: [sysfbtray] C:\windows\bill107.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\bill107.exe

Description: new variant of koobface worm

How to remove: use these koobface removal instructions.

This entry was posted on Friday, April 16th, 2010 at 2:26 am and is filed under O4, Run, Worm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “What is bill107.exe, How to remove bill107.exe”

  1. Peter Borg Says:
    April 18th, 2010 at 2:29 am

    It seems as bill107.exe has another file that also has the name “bill107” in it that calls for bill107.exe. When the file is loaded on the startup, it prevents you to reach all sites thas has some form of antivirus on it. To take away the files, you need to get the latest anti-virus updates, but since bill107 prevents you to reach these sites you need to do start the computer in Safe-mode and down-load the latest version of anti-virus. The problem is that the anti-virus sometimes need to connect to internet when the computer not is in Safe-mode. So if you download a anti-virus program be sure that it does not have to confirm the installation after. We had this problem so we started to computer in “restore-mode” and choosed the oldest configuration. After that we could down-load the latest anti-virus program and have it confirmed and installed.

  2. Stephen Nielsen Says:
    April 19th, 2010 at 10:28 pm

    This is an easy fix. I have had 14 machines on my desk in the last few days.

    First unplug the system from the internet
    second: restart log into safe mode (F8 at boot)
    Three: click on run type in msconfig
    Allow admin rights if prompted
    click over to the startup tab, deselect bill107.exe there are a few variations of this malware, ie: bill106 (this one has three startup programs)
    Click apply and allow the system to reboot.

    Log in normally with internet still unplugged, control, alt, delete check the proccesses to make sure bill is not running, it might be named sysbill as well that is the one I saw today.
    If it is running end process, yes agree with the pop up are you sure
    Go to C:/programs/right click bill107,
    click properties, click the security tab (this malware strips the users rights to delete this file)
    select your user name in the top list click edit, put the check mark in the top box, it will fill 5 out of six boxes, no special rights needed.
    apply, exit window, rightclick bill file and delete it!

    Empty recycle bin

    Open IE browser (still unplugged so no connection)

    click on tools, scroll to add-ons, make Bill have a numbered add on here as well- it will be in all addons menu, disable it.

    Reboot sytem with internet plugged in run final virus scan.

    This has worked but I also add in one more step

    Google Glary utilities its free, and it is an amazing tool to speed up the registry, it points out dangerous startup items, and blah blah blah.

    Cheers

    Stephen

Leave a Reply