Cycbot (sometimes called Cycbot.b or Win32/Cycbot.B) is a Trojan/Backdoor infecting PCs and giving remote access to hackers or planting fake antiviruses into infected PCs. This sort of trojans is one of the possible reasons for Search engine redirection, when your search results are filtered, replaced or you are redirected to harmful websites. Thus Cycbot infections are something you should be concerned about: while the parasite itself will not destroy your PC or steal information directly, it can provide enough access to other applications or people to do so. There couple versions of Cycbot : Cycbot.B, Cycbot.AC are noticed quite often.
The main symptoms of Cycbot include Google redirection. Although not always caused by this particular form of malware, there are signs that can help determining if this is Cycbot or not:
1. Proxy (usually on 50370 port).
2. Existence of Cycbot files in appropriate locations.
3. Redirects and popups.
Cycbot uses typical and legitimate program names : dwm.exe, svchost.exe and others. It is important to decide if these programs are started from C:\Windows… or C:\Users / C:\Documents and Settings\
In second case the programs are malicious. Process Explorer can help detecting locations of the particular process.
If you are sure that it is cycbot.B, then proceed with removal instructions for this parasite. If you are not sure if this is Cycbot, scan with spyhunter, Spyhunter, Malwarebytes Anti-Malware and decent internet security suite. Additional tools might provide better information about type of infection and remove it.
Additionally, it is advisable to disable system restore when scanning and removing Cycbot – it might infect restore points, and antivirus programs will not be able to get rid of it from there.
Automatic Malware removal tools