BS2005 Removal Guide

Do you know what BS2005 is?

BS2005 is a Trojan infection that may remain on your system for a long time before you notice it. It is a remote access tool that is used to collect important information on the infected system. The problem with Trojans is that they don’t have a UI, and so unless there is something really suspicious about your system’s behavior, there is virtually no way to tell that BS2005 has entered your system. To protect yourself from such infections and to remove BS2005 as soon as possible, you have to employ regular system scans.

Technically, this is an old Trojan infection that was created in 2012 by Operation Ke3chang. However, the infection seems to re-emerge from time to time, when the actors exploit new vulnerabilities for their attacks. As far as we know, BS2005 would usually spread through phishing emails exploiting the CVE-2015-2545 vulnerability. This vulnerability was first made public in September 2015, which means that it should be fixed with patches by now. If users employ licensed software, the updates should be applied the moment they are released. However, if users run a pirated version of the software, there is a very good chance that their programs are still vulnerable to malicious exploitation.

Therefore, it is vital to apply software updates when they are issued, and you should definitely refrain from using old or pirated versions of certain programs because they could easily be exploited by the people behind BS2005.

The exploit that allows this Trojan to spread comes as an MHTML document. These documents open in Microsoft Word by default. Users receive the file through phishing messages that urge them to open it, and they do so thinking it is very important. The moment users open those documents, they initiate the communication and download chain that eventually downloads and installs BS2005 on their computers. We can only hope that the number of infections has decreased by now.

When it comes to such infections, a lot of their behavioral patterns depend on what the people controlling them want these programs to do. BS2005 has a list of functions that it can perform, and we can tell you more about them, but it is important to remember that the Trojan might not perform everything on every single infected machine.

We do know for sure that BS2005 can gather information about the infected system. It means that it can collect data on your operating system, its version, configurations, and so on. Then it can read, write, and delete files and folders, and even run shell commands. In other words, BS2005 maintains the connection with its command and control center the entire time. All the data it collects and logs can later be sent over the connection to the hackers responsible for the infection.

You may also find sources that say BS2005 is similar to TidePool, which was also created by Ke3chang. It uses the same vulnerability to infiltrate its victims’ computers, but TidePool seems to be a more developed version of BS2005.

Is it really bad if you get infected with BS2005? Well, that depends on what you consider “bad.” For one, this Trojan cannot destroy your system or delete all of your files on the spot. Since it is a remote access tool Trojan, this infection is used more like an espionage tool, and it is more interested in stealing sensitive data than in ruining your software and hardware. However, information is the most expensive commodity these days, and you should not take this intruder lightly. Because it is hard to determine whether you are infected with a Trojan or not, you should leave that to a security tool and regular system scans.

If, by any chance, a security tool of your choice detects BS2005 on your system, you must remove it immediately. It is also possible to delete this Trojan manually, and we will leave manual removal instructions below this description. However, it is recommended to rely on a licensed antispyware application that would terminate all the malicious files automatically and also protect your system from similar intruders in the future. You should also be careful about phishing scams if you want to avoid such infections.

How to Remove BS2005

  1. Press Win+R and type %ALLUSERSPROFILE%. Click OK.
  2. Go to IEHelper and delete the mshtml.dll file.
  3. Scan your system with SpyHunter.
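
Before deleting the file in step 2, it helps to record what was actually there. The following PowerShell script is an added example, not part of the original guide: it checks the path from steps 1 and 2, reports the file's SHA-256 hash, timestamps and Authenticode signature status, and optionally moves it aside instead of deleting it. The quarantine folder name is an assumption made for this example.

```powershell
# Added example: inspect the artifact named in steps 1-2 before removing it.
# IEHelper and mshtml.dll come from the guide; the quarantine folder name
# below is an assumption chosen for this example.
# Note: the genuine Windows mshtml.dll lives under %SystemRoot%\System32,
# so a copy under %ALLUSERSPROFILE%\IEHelper is not the system library.
[CmdletBinding()]
param(
    [switch]$Quarantine   # move the file aside instead of only reporting
)

$target = Join-Path $env:ALLUSERSPROFILE 'IEHelper\mshtml.dll'

if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
    Write-Output "Not found: $target"
    return
}

# -Force so hidden or system attributes do not hide the file.
$file = Get-Item -LiteralPath $target -Force
$hash = Get-FileHash -LiteralPath $target -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -LiteralPath $target

# Record the evidence first; the hash can be checked against your
# security vendor's detections after the file is gone.
[pscustomobject]@{
    Path            = $file.FullName
    SizeBytes       = $file.Length
    CreatedUtc      = $file.CreationTimeUtc
    LastWriteUtc    = $file.LastWriteTimeUtc
    Attributes      = $file.Attributes
    SHA256          = $hash.Hash
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
} | Format-List

if ($Quarantine) {
    # Move-Item fails if a running process still has the DLL loaded;
    # in that case reboot or run the scan from step 3 first.
    $dest = Join-Path $env:ALLUSERSPROFILE 'Quarantine-BS2005'
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    Move-Item -LiteralPath $target -Destination (Join-Path $dest 'mshtml.dll.quarantined') -Force
    Write-Output "Moved to $dest"
}
```

Run it from an elevated PowerShell prompt; without `-Quarantine` it only reports and changes nothing.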

In non-techie terms:

BS2005 is a stealthy infection that may remain undetected on your system for a while. You need to employ regular system scans to terminate this and other similar intruders as soon as possible. If you do not remove BS2005 at once, this Trojan can steal your sensitive information, and it will be worse than crippling your computer. Thus, protect your information and your system today by getting rid of all the suspicious and potentially malicious threats.