If your Windows operating system is outdated, BS2005 is an infection that could have slithered in and caused problems for years. According to our research team, the malicious Trojan first started invading operating systems back in 2012, and it was created by Operation Ke3chang. The primary pathway for this threat into an operating system was the CVE-2015-2545 vulnerability, which allowed it to spread using misleading spam emails. However, this vulnerability was patched in 2015, and so we believe that most Windows users will have this security hole closed. That being said, there are instances when people do not install Windows updates. Also, once the infection is inside the computer, it can remain undetected even after the updates are installed. So, do you need to delete BS2005 from your operating system? If you are not sure, install a legitimate malware scanner that will inform you if you need to remove anything malicious.
It is unlikely that BS2005 was created to attack just anyone. In the past, this infection spread across systems that were connected to Indian embassies. So, is this Trojan a cyber espionage tool? That could be the case, but we cannot know whether Operation Ke3chang is still using it in the same manner. As a matter of fact, a different infection called “Ketrican” is said to have the same malicious code as BS2005, and so it is possible that the attackers have moved on. It is also possible that some third party has copied the code. All in all, we do not have enough information about all of this, but since BS2005 is an old infection, it is highly likely that it has evolved since its first form. That being said, even if it is active today, it is still likely to use spam emails for distribution. This is why you should delete spam emails without even opening them. If you are tricked by a misleading message, you could also be tricked into executing malware yourself.
According to our malware research team, BS2005 is meant to read, write, and delete files or folders, as well as run shell commands. All of this could help the attackers behind this infection to drop new threats, record private information, inject spyware, and create other security problems. The very least it can do is record and transfer information about the infected system, and this information could be very valuable to the attackers as well. All in all, the infection is likely to remain completely silent, and unless additionally downloaded components are more noticeable, it could remain hidden for a long time. This is why routine system scans are so incredibly important. If you have not scanned your operating system yet, we suggest doing it as soon as possible. While you might be most interested in removing BS2005 at this point, you need to scan your system to check for additional malware that you might be completely unaware of.
If you know for a fact that you need to remove BS2005 from your operating system, the chances are that you will find this infection in the %ALLUSERSPROFILE%\IEHelper\ folder. However, if you are dealing with a different version of this malware, the location of the Trojan could be different. Also, other threats could exist as well. Due to this, manual removal might be too complicated, especially for the inexperienced user. Luckily, reliable anti-malware software is here to save the day. If you install reliable and legitimate software, it will automatically delete all existing threats – including BS2005, in whichever form it might appear – and it will also reinstate Windows protection to ensure that you do not need to deal with malware ever again. Just don’t forget to beware of spam emails that could be set up to expose you to new infections!
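If you want to look at the %ALLUSERSPROFILE%\IEHelper\ folder before a scanner cleans it, the following PowerShell sketch lists what is inside without deleting anything. It is an added example, not part of the original article or any vendor tool; the function name `Get-IEHelperTriage` and its `-Path` parameter are hypothetical, and the default path is simply the location named above.

```powershell
# Added example: read-only inventory of the folder named in the article.
# Function and parameter names are hypothetical; nothing here deletes files.
function Get-IEHelperTriage {
    [CmdletBinding()]
    param(
        # Default is the location given in the article; other versions may differ.
        [string]$Path = (Join-Path $env:ALLUSERSPROFILE 'IEHelper')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        # A missing folder does not prove the system is clean.
        Write-Verbose "Folder not found: $Path"
        return
    }

    # -Force includes hidden and system files in the listing.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path        = $_.FullName
                SizeBytes   = $_.Length
                CreatedUtc  = $_.CreationTimeUtc
                ModifiedUtc = $_.LastWriteTimeUtc
                Attributes  = $_.Attributes
                SHA256      = $hash.Hash      # value to hand to a scanner or analyst
                Signature   = $sig.Status     # e.g. NotSigned, Valid, HashMismatch
            }
        }
}

$findings = @(Get-IEHelperTriage -Verbose)
if ($findings.Count -eq 0) {
    'No files found in the IEHelper folder; run a full scan anyway.'
} else {
    $findings | Format-List
}
```

The creation and modification times show roughly how long the files have been on the system, and the SHA-256 values let you identify the files to your anti-malware tool or support team without opening them.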