Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software.
Comment:
BackDoor.SndMax is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC).
It adds False IP's to more than 50 popular antivirus companys urls in the Host file, disables antivirus notifications, firewall notifications, update notifications, and overrides firewalls.
Manual
removal:
Large amount of Hijacked domains are placed in the Hosts file. Its probably better to delete the file itself than to fix each item.(and create a Backup)
File location is C:\Windows\System32\drivers\etc\hosts
To Correct Modified Registry Values:
1.Click on Start , click run.
2.Type "regedit" and press enter.
3.Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
4.Right Click on "AntiVirusDisableNotify" ,click on Modify , Type " 0 " in Value Data field in place of "1" and press Enter.
5.Right Click on "FirewallDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
6.Right Click on "FirewallOverride" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
7.Right Click on "UpdatesDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
8. Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" .
9. Right Click on "Shell" , click on Modify , Type "Explorer.exe" in Value Data field in place of "Explorer.exe SndMAX.exe" and press Enter.
10. Restart computer.
5 [