Cycbot - How To Remove?

Type: Trojan(Rootkit)

Cycbot (sometimes called Cycbot.b or Win32/Cycbot.B) is a Trojan/Backdoor infecting PCs and giving remote access to hackers or planting fake antiviruses into infected PCs. This sort of trojans is one of the possible reasons for Search engine redirection, when your search results are filtered, replaced or you are redirected to harmful websites. Thus Cycbot infections are something you should be concerned about: while the parasite itself will not destroy your PC or steal information directly, it can provide enough access to other applications or people to do so. There couple versions of Cycbot : Cycbot.B, Cycbot.AC are noticed quite often.
The main symptoms of Cycbot include Google redirection. Although not always caused by this particular form of malware, there are signs that can help determining if this is Cycbot or not:
1. Proxy (usually on 50370 port).
2. Existence of Cycbot files in appropriate locations.
3. Redirects and popups.
Cycbot uses typical and legitimate program names : dwm.exe, svchost.exe and others. It is important to decide if these programs are started from C:\Windows… or C:\Users / C:\Documents and Settings\
In second case the programs are malicious. Process Explorer can help detecting locations of the particular process.
If you are sure that it is cycbot.B, then proceed with removal instructions for this parasite. If you are not sure if this is Cycbot, scan with spyhunter, Spyhunter, Malwarebytes Anti-Malware and decent internet security suite. Additional tools might provide better information about type of infection and remove it.
Additionally, it is advisable to disable system restore when scanning and removing Cycbot – it might infect restore points, and antivirus programs will not be able to get rid of it from there.

Automatic Cycbot removal tools


Other tools

  0   0
  1   0
    Malwarebytes anti-rootkit
  We might be affiliated with some of these programs. Full information is available in disclosure

Manual removal


Important Note: Although it is possible to manually remove Cycbot, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using TDSSKiller or other tools found on


About the author

 - Main Editor

I have started in 2007 after wanting to be more or less independent from single security program maker. Since then, we kept working on this site to make internet better and safer place to use.

December 14, 2010 15:47, May 17, 2012 16:30

One thought on “Cycbot

1 Comment
  1. You may want to include for those usere of the free edition of zonealarm to be on the lookout for programs trying to access Until I read his page, I thought the program was simply checking to see if it has internet access if needed, but by only checking , I felt comfortable to allow. There may be other useful info to add that you may think of from what I thought was OK.

Leave a Reply

Your email address will not be published. Required fields are marked *