sousaman

stupid trojans!


So I ran an a-squared anti-malware scan on my computer and found a Trojan.Win32Hiloti!IK. So I go to delete it and it says C:\Users\owner\AppData\Local\atroxmg.dll can not be deleted! Please consult the experts in the a-squared online forum for help with manual removal of this malware.

So I need your help to remove this PESTERING trojan!! Any advice?

Thanks

Andrew Jones


Hi Andrew,

Welcome to the forum

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post the required log files into this thread

Wait for reply from ShadowPuterDude, Katana, or JeanInMontana

for assistance and further instructions.

=======

My regards

P.S. Posting just the file name or the alleged infection name does not provide any information.

The location of the files, the precise names of files and/or Registry entries, processes, etc. are required. The same applies to the detection names. All that info should be in the saved report produced by a-squared. That will be one of the steps in the instructions.


Hi sousaman and welcome to Emsi support. Please follow the instructions given by Lynx and post accordingly. I am watching this topic and will assist as best I can.


It gave me the message: This program cannot run due to incompatibility with 64-bit version of windows. Please contact the software vendor to ask if a 64-bit Windows compatible is available

I am working on that situation

Edited by JeanInMontana
Initial instructions not followed


Hi sousaman, I'm sorry but you must follow the instructions exactly as they are written.

DO NOT copy and paste logs into your replies. They will be removed by the Moderation team and you will be told to attach your logs. If you are experiencing problems attaching logs, double check the file extension.

* Allowable file types are: LOG, RTF, and TXT.

Only post logs with the file extensions of LOG and TXT.

We have to follow these instructions to keep the thread a reasonable length to read. I will speak to the creator of the program giving you the error.


ok. sorry about that.

OK great and in place of ISeeYou we will use another program that will run on 64 bit.

Download OTL to your desktop.


  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Attach both logs with your next reply.

Edited by ShadowPuterDude
Corrected Instructions


OK great and in place of ISeeYou we will use another program that will run on 64 bit.


  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Attach both logs with your next reply.

What is this other program?

Which icon do I double click on?


Hi sousaman,

That was a typo (it happens ;) ).

Please wait and JeanInMontana will fix it

I contacted her

My regards


Thanks for your patience. Please follow these instructions:

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\Users\owner\AppData\Local\atroxmg.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


Did you reboot the machine? If not, please do so, update a2 and run a quick scan. Post that log and give me feedback on how you're running now.


Yes I did reboot the machine after I RunFix...it still didn't work...but I will run another quick scan and give you the log and I will do another RunFix as well...

My Status right now is that AVG is still telling me that many files are infected with trojans.


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread

This topic is now closed to further replies.
