Removing Udchniv and Atthdop Spyware

These two particular strains of spyware have an interesting defense strategy. However, let me first describe the symptoms of these spyware programs.

1) Add / Remove Programs closes after a few seconds.
2) msconfig and regedit programs close after a few seconds.
3) Google search for keywords like SuperAntiSpyware and udchniv causes the Internet Explorer browser to close.
4) Attempting to run Malwarebyte’s mbab-setup.exe program does nothing.
5) Attempting to run SuperAntiSpyware installation or application either fails or causes some kind of system error.

If you notice these systems on your computer, then you may have been infected with udchniv or atthdop.

The good news is that they are easy to cleanup with Malwarebyte’s Anti-Malware. However, you have to do a couple of tricks to outsmart the spyware.

First, you need to rename the mbab-setup.exe program to something else like abc.exe. This is because the spyware is actively running and causes mbab-setup.exe to abort. By renaming the setup program you can get around this defense.

Second, once Mal’s program is installed you also have to rename the application file. This is located at C:\Program Files\Malwarebytes’ Anti-Malware\.

The file you need to rename is mbab.exe. Rename it to something like xyz.exe and then run that program. This will allow you to run the full Malwarebyte’s Anti-Malware program which is able to remove the udcniv and atthdop spyware.

If after running Mal’s you still have problems, repeat the same technique with SuperAntiSpyware and spyware should be removed completely.