Pushdo Trojan Removal Guide

Pushdo Trojan is an example of modern malware distribution tactics.

Pushdo is a recent Trojan infection that is usually sent by email disguised as an E-card. The creators of the Pushdo Trojan spread it aggressively through mass emails that pass themselves off as legitimate E-card messages. Pushdo is designed as a downloader Trojan: its purpose is to download and install malicious programs onto a user's computer. Many types of Trojans perform this same task, but few are as sophisticated as Pushdo.

What exactly does Pushdo Trojan do?

Pushdo performs various tasks when an infected system first launches the Pushdo program. Pushdo masquerades as an Apache web server and listens on TCP port 80. Our previous article on Explaining TCP and UDP ports explains why programs use particular TCP ports and the damage this can cause. When a malicious program such as Pushdo uses a TCP port, it can transfer your personal information back to the creators of the Trojan. In addition to stealing your information, Pushdo may open up access for hackers to use your computer for malicious activities.

With an open line of communication from a Pushdo-infected system, other infections may be downloaded and installed without the computer user ever knowing about it. Pushdo may give remote administrative access to the infected computer over the internet, leaving an open channel through which hackers can cover their tracks, so the infected user may never know what happened.

Pushdo is an advanced enough Trojan that it may identify which anti-virus or firewall application you are running. It does this so it can avoid being detected by that anti-virus or firewall program.

Below is the list of anti-virus and firewall process names that Pushdo compares against your running processes in order to report back to the originator (hacker) which program you may be running. This is done so Pushdo can take another route to attack your system while avoiding detection by an anti-virus or firewall program.

Armor2net.exe
avp.exe
blackd.exe
drweb32w.exe
ipfsrv.exe
kpf4ss.exe
livesrv.exe
mcagent.exe
mclogsrv.exe
mcpromgr.exe
mctskshd.exe
mcuimgr.exe
mcupdmgr.exe
mcusrmgr.exe
mpsevh.exe
nod32krn.exe
NPFSVICE.exe
outpost.exe
PAVFNSVR.exe
PAVSRV51.exe
PXAgent.exe
safensec.exe
sspfwtry2.exe
symlcsvc.exe
vsmon.exe
vsserv.exe
xcommsvr.exe

Manual removal of the Pushdo Trojan is a difficult process. We recommend using a reputable spyware removal program to completely remove Pushdo and all of its files from your system. When opening emails from unknown sources, it is always good practice to avoid clicking on any links or downloading any attachments.

Aliases: TROJ_PUSHDO.AD, TROJ_PUSHDO.AR, and Troj/Pushdo-Gen


Pushdo Manual Removal Instructions

This manual removal method is for technically experienced computer users. Pushdo may be difficult and time consuming to remove manually, and there is no guarantee that it will be removed completely. So read the Pushdo removal steps carefully, and good luck.
Before you start: close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.

  1. Uninstall Pushdo Program
    Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall Pushdo if found.
  2. Stop Pushdo processes
    Go to Start > Run > type taskmgr. Then click the Processes tab and you'll see a list of running processes.
    Search for and stop these Pushdo processes:
    startdrv.exe

    For each unwanted process, right-click on it and then select “End task”.

  3. If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General tab > click Use Default under Home Page. Enter your desired default homepage, then click Apply > click OK. Open a new web browser window to check that you have your desired default homepage.
  4. Remove Pushdo files.
    To find the Pushdo files, go to Start > My Computer > Local Disk (C:) and open the folder containing each file below (click Show the contents of this folder if Windows hides it).
    Search for and delete the following Pushdo files:
    C:\Windows\System\drivers\runtime.sys
    C:\Windows\Temp\startdrv.exe

    Right-click on the Pushdo folder and select Delete.
    A message will appear saying ‘Are you sure you want to remove the folder [NAME OF FOLDER] and move all its contents to the Recycle Bin?’, click Yes.
    Another message will appear saying ‘Renaming, moving or deleting [FOLDERNAME] could make some programs not work. Are you sure you want to do this?’, click Yes.

  5. To remove Pushdo icons on your Desktop, drag and drop them to the Recycle Bin.

You’ve completed the Pushdo manual removal instructions!
I hope this article has helped you solve your Pushdo problems. If you want to contribute to this article, post your comment below.
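As an added triage example (not part of the original guide), the following Python script checks saved `tasklist /fo csv /nh` and `netstat -ano` output for the indicators this page names: the startdrv.exe process from step 2, the two file paths from step 4, and a process other than a known web server listening on TCP port 80, which is how Pushdo masquerades as Apache. The sample snapshots and the list of expected web-server images are constructed assumptions.

```python
import re

# Process and file indicators taken from the removal steps in this guide.
PUSHDO_PROCESSES = {"startdrv.exe"}
PUSHDO_PATHS = {r"c:\windows\temp\startdrv.exe",
                r"c:\windows\system\drivers\runtime.sys"}
# Assumed: images that may legitimately own TCP/80 on a workstation ("system" covers http.sys).
EXPECTED_WEB_IMAGES = {"httpd.exe", "apache.exe", "nginx.exe", "w3wp.exe", "system"}

def parse_tasklist(text):
    """Map PID -> lower-case image name from 'tasklist /fo csv /nh' output."""
    pids = {}
    for line in text.splitlines():
        if line.strip():
            cols = [c.strip('"') for c in line.split('","')]
            pids[int(cols[1])] = cols[0].lower()
    return pids

def parse_netstat(text):
    """Yield (local_port, pid) for each LISTENING TCP row of 'netstat -ano' output."""
    for line in text.splitlines():
        m = re.match(r"\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)", line)
        if m:
            yield int(m.group(1)), int(m.group(2))

def find_indicators(tasklist_text, netstat_text, present_files):
    """Return human-readable findings; an empty list means nothing matched."""
    findings = []
    pids = parse_tasklist(tasklist_text)
    for pid, image in pids.items():
        if image in PUSHDO_PROCESSES:
            findings.append(f"known Pushdo process {image} running as PID {pid}")
    for port, pid in parse_netstat(netstat_text):
        image = pids.get(pid, "<unknown>")
        if port == 80 and image not in EXPECTED_WEB_IMAGES:
            findings.append(f"unexpected listener on TCP/80: {image} (PID {pid})")
    for path in present_files:
        if path.lower() in PUSHDO_PATHS:
            findings.append(f"Pushdo file present: {path}")
    return findings

# Constructed sample snapshots so the script runs offline (not real captures).
SAMPLE_TASKLIST = ('"System","4","Services","0","48 K"\n'
                   '"explorer.exe","1288","Console","1","31,204 K"\n'
                   '"startdrv.exe","2040","Console","1","1,912 K"\n')
SAMPLE_NETSTAT = ("  TCP    0.0.0.0:135    0.0.0.0:0        LISTENING    920\n"
                  "  TCP    0.0.0.0:80     0.0.0.0:0        LISTENING    2040\n"
                  "  TCP    127.0.0.1:5354 127.0.0.1:49153  ESTABLISHED  1288\n")
SAMPLE_FILES = [r"C:\Windows\Temp\startdrv.exe", r"C:\Windows\explorer.exe"]
```

On the constructed samples the script reports three findings (the startdrv.exe process, the same process listening on TCP/80, and the file in C:\Windows\Temp); on a real host, pass it the saved tasklist and netstat output and the list of paths that exist on disk.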

Disclaimer: This article is for educational purposes. By using this information you agree to be bound by the disclaimer. There’s no guarantee that Pushdo will be completely removed from your computer. Seek professional help if your computer continues to experience problems.
