bowlef

help me remove a trojan


Hi there. Whilst trying to help out my dad fix his laptop, I had a2 free find Gen.Trojan!IK in 13 different locations. I will attach the saved report. When I try to quarantine these, the laptop does a physical memory dump then restarts.


Hi bowlef,

Welcome to the forum

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post the required log files into this thread

Wait for reply from ShadowPuterDude, Katana, or JeanInMontana

for assistance and further instructions.

=======

My regards


bowlef,

The infection will prevent most of the tools listed in the instructions from running.

Download to your Desktop Win32kDiag.exe by AD.

Run Win32kDiag

It will save a report on the Desktop (Win32kDiag.txt).

Attach that report on your next reply.

JeanInMontana will assist you once this log is provided.


Sorry, not replied for a couple of days; my life's been very busy and, like I said, it is my father's laptop, and as I don't live with him it can be hard work to get hold of to sort out. I have now taken it with me and I'll check as soon as I get the chance tomorrow, but anyway here's the report that you wanted.


Hi bowlef, I understand and am in the same situation. We will try to get through this together and get 'Dad' back online in fine form. I need some time to look over the logs.


Go to start > run and copy and paste the following command in the field:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.

Attach that log.


Hi bowlef,

What is the actual size of the produced report?

It may happen that the existing restriction has to be changed.

My regards


For some reason the file is too big and I can't download WinRAR or WinZip or anything. Any ideas on what to do?

You don't need to download anything to zip the file. Right click it and choose 'send to' and then zipped file. Attach that file.


The built-in zip has been there since XP was released. :) I am seeking a second opinion and will get back to you as soon as I can. I've had some unexpected developments and have to deal with them, so my forum time is cut down.


Hi again, please do this:

Go to start > run and copy and paste the following command in the field:

"%userprofile%\desktop\win32kdiag.exe" -f -r

This should allow all locked files to be opened again. Then please follow these instructions.

Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    See HERE for help.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
