bowlef Posted October 4, 2009
Hi there. Whilst trying to help out my dad fix his laptop, I had a2 free find Gen.Trojan!IK in 13 different locations. I will attach the saved report. When I try to quarantine these, the laptop does a physical memory dump then restarts.
Lynx Posted October 4, 2009
Hi bowlef,
Welcome to the forum
=======
Read the following instructions: START HERE, if you don't we are just going to send you back to this thread <--click
Prepare and post the required log files into this thread
Wait for reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.
=======
My regards
JeanInMontana Posted October 6, 2009
Two days still waiting for the logs requested. Please follow instructions and post back.
ShadowPuterDude Posted October 6, 2009
bowlef,
The infection will prevent most of the tools listed in the instructions from running.
Download to your Desktop Win32kDiag.exe by AD.
Run Win32kDiag.
It will save a report on the Desktop (Win32kDiag.txt).
Attach that report on your next reply.
JeanInMontana will assist you once this log is provided.
bowlef Posted October 6, 2009 Author
Sorry, not replied for a couple of days. My life's been very busy and like I said it is my father's laptop, and as I don't live with him it can be hard work to get hold of to sort out. I have now taken it with me and I'll check as soon as I get the chance tomorrow, but anyway here's the report that you wanted.
JeanInMontana Posted October 6, 2009
Hi bowlef, I understand and am in the same situation. We will try to get through this together and get 'Dad' back online in fine form. I need some time to look over the logs.
JeanInMontana Posted October 6, 2009
Please re-run the scan with Win32Kdiag. It did not finish the scan. Then repost the log.
bowlef Posted October 8, 2009 Author
It came up with an error. Hope this helps.
JeanInMontana Posted October 8, 2009
OK, I need to seek another opinion on this. Not familiar with the tool and/or why it would give an error. Stay tuned.
JeanInMontana Posted October 8, 2009
Go to start > run and copy and paste the following command in the field:
"%userprofile%\desktop\win32kdiag.exe" -f -r
When it's finished, there will be a log called Win32kDiag.txt on your desktop. Attach that log.
bowlef Posted October 10, 2009 Author
For some reason the file is too big and I can't download WinRAR or WinZip or anything. Any ideas on what to do?
Lynx Posted October 10, 2009
Hi bowlef,
What is the actual size of the produced report? It may happen that the existing restriction has to be changed.
My regards
JeanInMontana Posted October 10, 2009
> For some reason the file is too big and I can't download WinRAR or WinZip or anything. Any ideas on what to do?
You don't need to download anything to zip the file. Right click it and choose 'send to' and then zipped file. Attach that file.
bowlef Posted October 13, 2009 Author
Sorry about that, didn't realise there was one built in to Windows.
JeanInMontana Posted October 14, 2009
The built-in zip has been there since XP was released. I am seeking a second opinion and will get back to you as soon as I can. I've had some unexpected developments and have to deal with them, so my forum time is cut down.
JeanInMontana Posted October 14, 2009
Hi again, please do this.
Go to start > run and copy and paste the following command in the field:
"%userprofile%\desktop\win32kdiag.exe" -f -r
This should allow all locked files to be opened again. Then please follow these instructions.
Download ComboFix from one of these locations: Link 1 Link 2 Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, ComboFix will produce a log.
Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
ShadowPuterDude Posted October 17, 2009
Thread Closed
Reason: Lack of Response
PM either ShadowPuterDude or Lynx to have this thread reopened.
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.
Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread