
Cannot remove Trojan.Generic.IS!K


Alvin Cruz

I am new to this forum, so I would need some help. I ran the free a-squared antivirus and it detected a lot of malware and removed most of it, but not the "Trojan.Generic.IS!K". I keep getting these pop-up windows, which are frustrating.

File:C\users\Alvin Cruz\appData\Local\Temp\Jar_cashe626586633813257734.tmp/AppletX.class

File:C\users\Alvin Cruz\appData\Local\Temp\Jar_cashe626586633813257734.tmp/LoaderX.class

File:C\users\Alvin Cruz\appData\Local\Temp\Jar_cashe626586633813257734.tmp/PayloadX.class.

I have been reading some topics and you ask them to attach logs; how do you do that? I could attach an OTL.Txt and Extras.Txt because that is easy; other than that I don't know how to get the text log from a-squared.


...I have been reading some topics and you ask them to attach logs; how do you do that? I could attach an OTL.Txt and Extras.Txt because that is easy; other than that I don't know how to get the text log from a-squared.

Hi Alvin Cruz, and welcome to the forum.

Do not run any other tools and utilities that are suggested in other users' cases.

Similarities that you see can be delusive. You can render your system inoperable.

Follow the instruction step-by-step; download; run only those Tools required as preliminary and attach all stated log files.

As for a-squared: after the Deep Scan has finished, press the <<Save report>> button.

My regards


1) Your logs show that you have pirated / patched software on your system and are using keygens for generating illegal product keys.

Read the special clause of the instruction about that.

You must uninstall / remove all illegal software before posting reports, otherwise you will not be assisted by a malware fighter.

2) After that update a-squared, rescan and attach fresh a-squared report.

Do not quarantine / delete anything, as is stated in the instruction.

3) Attach all required log files

My regards


...I also tried running Win32kDiag and cannot access and it gives the address to some EtwRTDiaLog.et1 and other information....

Alvin Cruz,

Have you read my previous reply?

In addition, why are you still running tools that you are not supposed to run?

Does the a-squared report meet the conditions for running Win32kDiag described in the instruction?

{added}

The only program that I know was installed that is piracy is Adobe Illustrated; other than that it was all uninstalled.

Well, there are WinRar and others, as far as I can see

The malware fighter will make the decision.

At least attach all required log files.

Were you able to run ISeeYouXP and HiJackFree?


I did what I was instructed to do: first a "full scan" with a-squared, and then I ran Win32kDiag, but when I ran Win32kDiag it said it could not connect to a lot of files or something like that, and then it said "finished click to any button to exit". So what I noticed on my desktop was that there were two reports, one from a-squared and one from Win32kDiag. Please let me know if there is another step, because from what I read in your start up, it's exactly what I did and what you told me to do.


Have you read my previous reply?

In addition, why are you still running tools that you are not supposed to run?

Does the a-squared report meet the conditions for running Win32kDiag described in the instruction?

Your a-squared log does not show the infection that requires the running of Win32kDiag. You are missing 2 required logs.

You are not following the directions as outlined in the thread titled START HERE; if you don't, we are just going to send you back to this thread.


My last comment and quotes were about the tools that you are not supposed to run according to the instruction (Win32kDiag). Please read attentively.

Can you attach the HiJackFree log file?

And as was pointed out, you will be advised about ISeeYouXP & the x64 platform.


We will use OTL in place of ISeeYouXP.

Download -->> OTL <<-- to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Attach both logs with your next reply.


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O8 - Extra context menu item: Crawler Search -  File not found
    
    :Files
    C:\Windows\*.tmp
    C:\Windows\msa.exe
    C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
    C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job 
    @C:\Users\Alvin Cruz\Documents\Shareaza Downloads:Shareaza.GUID
    @C:\ProgramData\Temp:C918AC7F
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new OTL log ( don't check the boxes beside LOP Check or Purity this time )


Well, I don't get any pop open windows from explorer, but I do get this message when I'm on the internet, "error occure of the internet" and must close program. I have AVG but for some reason I can scan it, maybe because of the virus, but anyway when I ran OTL my warning from AVG popped open and said Virus "OTL Moved" in a specific location, but I consider it a red alert.


Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

REGEDIT4

[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\NordBull]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\PopRock]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\Software\Monopod]
[-HKEY_LOCAL_MACHINE\software\Classes\XML.XML]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D}]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\XML]

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

-----------------------------------------------------------

Reboot

Attach a fresh a-squared log.

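An added example, not part of the original thread or of any tool named in it: a Python pre-merge check that parses the FixReg.reg text quoted in the post above and lists what merging it would do to the registry. The names `parse_reg` and `audit` are illustrative, and the parser assumes the plain REGEDIT4 / version 5.00 layout of section lines and `"name"=data` lines.

```python
import re

# The FixReg.reg text from the post above, embedded so the check runs offline.
FIXREG = r"""REGEDIT4

[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\NordBull]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\PopRock]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\Software\Monopod]
[-HKEY_LOCAL_MACHINE\software\Classes\XML.XML]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D}]
[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\XML]
"""
USER_SID = "S-1-5-21-61316282-4026043858-3930591723-1000"  # SID used in the post
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
SECTION = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)(?:\\(.+))?\]$")

def parse_reg(text):
    """Return a list of (action, hive, subkey, value_name) operations."""
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)  # join hex continuation lines
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: header line missing")
    ops, key = [], None
    for line in lines[1:]:
        m = SECTION.match(line)
        if m:  # "[-key]" deletes the key and its subtree, "[key]" creates or opens it
            key = (m.group(2), m.group(3) or "")
            ops.append(("delete-key" if m.group(1) else "create-key", *key, None))
        elif key and "=" in line:  # "name"=- deletes a value, anything else sets it
            name, _, data = line.partition("=")
            action = "delete-value" if data.strip() == "-" else "set-value"
            ops.append((action, *key, name.strip().strip('"')))
        else:
            raise ValueError(f"unparseable line: {line!r}")
    return ops

def audit(text, user_sid):
    """List operations that are not key deletions, or that delete under another user's SID."""
    findings = []
    for action, hive, subkey, name in parse_reg(text):
        where = f"{hive}\\{subkey}"
        if action != "delete-key":
            findings.append(f"{action} {where} {name or ''}".strip())
        elif hive == "HKEY_USERS" and not subkey.startswith(user_sid + "\\"):
            findings.append(f"delete-key outside {user_sid}: {where}")
    return findings

if __name__ == "__main__":
    print(*parse_reg(FIXREG), sep="\n")
    print("findings:", audit(FIXREG, USER_SID) or "none")
```

An empty findings list means the file only removes keys, five under the one user SID and one machine-wide under HKEY_LOCAL_MACHINE; any key or value it would create shows up as a finding.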

Tonight I got this warning from my Windows: "

Remove the Trojan.PWS.Legmir.AD / [email protected] virus from your computer

This problem was caused by Trojan.PWS.Legmir.AD / [email protected], a known computer virus.

To prevent this problem from occurring again, install and run an up-to-date antivirus program on your computer." I don't know what to do?


Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

Link 3

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach fresh logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free/Anti-Malware

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


"Remove the Trojan.PWS.Legmir.AD / [email protected] virus from your computer

This problem was caused by Trojan.PWS.Legmir.AD / [email protected], a known computer virus.

To prevent this problem from occurring again, install and run an up-to-date antivirus program on your computer."

What is generating these messages? Windows does not generate this type of message.

Your logs aren't showing any infection that would be the cause of this type of alert.

Grab a screen shot the next time you get this alert and attach it to your reply.


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread

This topic is now closed to further replies.