Alvin Cruz Posted October 28, 2009
I am new to this forum, so I would need some help. I ran the free a-squared antivirus and it detected a lot of malware and removed most of it, but not the "Trojan.Generic.IS!K". I keep getting these pop-up windows that are frustrating.
File:C\users\Alvin Cruz\appData\Local\Temp\Jar_cashe626586633813257734.tmp/AppletX.class
File:C\users\Alvin Cruz\appData\Local\Temp\Jar_cashe626586633813257734.tmp/LoaderX.class
File:C\users\Alvin Cruz\appData\Local\Temp\Jar_cashe626586633813257734.tmp/PayloadX.class
I have been reading some topics and you ask them to attach logs; how do you do that? I could attach an OTL.Txt and Extras.Txt because that is easy, but other than that I don't know how to get the text log from a-squared.

Lynx Posted October 28, 2009
> ...I have been reading some topics and you ask them to attach logs; how do you do that? I could attach an OTL.Txt and Extras.Txt because that is easy, but other than that I don't know how to get the text log from a-squared.
Hi Alvin Cruz, and welcome to the forum.
Do not run any other Tools and Utilities that are suggested in other users' cases. Similarities that you see can be delusive. You can render your system inoperable.
Follow the instruction step-by-step; download; run only those Tools required as preliminary and attach all stated log files.
As for a-squared: after the Deep Scan has finished, press the <<Save report>> button.
My regards

Alvin Cruz Posted October 28, 2009
Thank you Lynx, here is my report for a-squared.

Lynx Posted October 28, 2009
1) Your logs show that you have pirated / patched Software on your system and are using keygens for generating illegal product keys. Read the special clause of the instruction about that. You must uninstall / remove all illegal Software before posting reports, otherwise you will not be assisted by a malware fighter.
2) After that, update a-squared, rescan and attach a fresh a-squared report. Do not quarantine / delete anything, as it's stated in the instruction.
3) Attach all required log files.
My regards

Alvin Cruz Posted October 28, 2009
I also tried running Win32kDiag and it cannot access, and it gives the address to some EtwRTDiaLog.et1 and other information.

Alvin Cruz Posted October 28, 2009
The only program that I know was installed that is pirated is Adobe Illustrated; other than that it was all uninstalled.

Lynx Posted October 28, 2009
> ...I also tried running Win32kDiag and it cannot access, and it gives the address to some EtwRTDiaLog.et1 and other information....
Alvin Cruz,
Have you read my previous reply? In addition, why are you still running Tools that you are not supposed to run? Does the a-squared report meet the conditions for running Win32kDiag described in the instruction?
{added}
> The only program that I know was installed that is pirated is Adobe Illustrated; other than that it was all uninstalled.
Well, there are WinRar and others, as far as I can see. The malware fighter will make the decision.
At least attach all required log files. Were you able to run ISeeYouXP and HiJackFree?

ShadowPuterDude Posted October 28, 2009
Until you have removed all pirated software, keygens, patches, and cracks, you will not receive malware removal assistance. Software piracy is illegal, and failure to comply with requests to remove illegal software will result in you not receiving assistance on this forum.

Alvin Cruz Posted October 28, 2009
I have removed all that I could possibly think of; my computer should be clean of programs now, but if not, could you please let me know so I could remove them. Here are the new reports, and yes, I know now not to mess with that software from now on. Thanks

ShadowPuterDude Posted October 28, 2009
You are not following the directions as outlined in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
Your a-squared log does not show the infection that requires the running of Win32kDiag.
You are missing 2 required logs.

Alvin Cruz Posted October 29, 2009
I did what was instructed: first a "full scan" with a-squared, and then I ran Win32kDiag, but when I ran Win32kDiag it said it could not connect to a lot of files or something like that, and then it said "finished click to any button to exit". What I noticed on my desktop is that there were two reports, one for a-squared and one for Win32kDiag. Please let me know if there is another step, because from what I read in your start up, it's exactly what I did and what you told me to do.

Alvin Cruz Posted October 29, 2009
Oh, I see the other two reports are the ISeeYouXP and HiJackFree reports. But I have a problem: when I ran ISeeYouXP, it is not compatible with Windows Vista x64, and I see you have fixes for other OS but not Vista x64. What could you advise?

Lynx Posted October 29, 2009
> Have you read my previous reply? In addition, why are you still running Tools that you are not supposed to run? Does the a-squared report meet the conditions for running Win32kDiag described in the instruction?
> Your a-squared log does not show the infection that requires the running of Win32kDiag. You are missing 2 required logs.
> You are not following the directions as outlined in the thread titled START HERE; if you don't, we are just going to send you back to this thread.

Lynx Posted October 29, 2009
Typing at the same time. ShadowPuterDude will advise regarding ISeeYouXP.

Alvin Cruz Posted October 29, 2009
Lynx, I removed all the tools that I had, because I had saved them in one folder, and the programs that were installed are removed as well. If you could tell me which ones, that would be great, so that I could look in my computer and remove them.

Lynx Posted October 29, 2009
My last comment and quotes were about the Tools that you are not supposed to run according to the instruction (Win32kDiag). Please read attentively.
Can you attach the HiJackFree log file? And as it was pointed out, you will be advised about ISeeYouXP & the x64 platform.

Alvin Cruz Posted October 29, 2009
Sorry, but here is the HiJack log.

ShadowPuterDude Posted October 29, 2009
We will use OTL in place of ISeeYouXP.
Download -->> OTL <<-- to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Attach both logs with your next reply.

Alvin Cruz Posted October 29, 2009
I did what it said with OTL, but when I finished running it, it only opened the OTL.txt report. I can't find the Extra.txt; it saves on my desktop.

Alvin Cruz Posted October 29, 2009
Only one report popped open and it was OTL, but the Extras.txt did not open, nor does it seem that it was created.

ShadowPuterDude Posted October 29, 2009
That's OK. Attach the OTL log.

Alvin Cruz Posted October 30, 2009
Here it is.

ShadowPuterDude Posted October 30, 2009
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O8 - Extra context menu item: Crawler Search - File not found

    :Files
    C:\Windows\*.tmp
    C:\Windows\msa.exe
    C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
    C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
    @C:\Users\Alvin Cruz\Documents\Shareaza Downloads:Shareaza.GUID
    @C:\ProgramData\Temp:C918AC7F

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered; reboot when it is done.
Attach the new OTL log (don't check the boxes beside LOP Check or Purity this time).

Alvin Cruz Posted October 30, 2009
Okay, I ran Fix the way you told me and rebooted. When my computer finished rebooting, the log was open, so now do I have to run OTL again without checking LOP and Purity? Is that correct?

Alvin Cruz Posted October 30, 2009
As I said above, the only report that was created when it finished rebooting is attached, so let me know if this is not the report you are looking for. Thank you for being patient.

ShadowPuterDude Posted October 30, 2009
OK, run OTL again and attach the resulting logs.

Alvin Cruz Posted October 30, 2009
Here are the reports.

ShadowPuterDude Posted October 30, 2009
Attach a fresh a-squared log. Be sure to tell me how things are running.

Alvin Cruz Posted October 31, 2009
Well, I don't get any pop-up windows from Explorer, but I do get this message when I'm on the internet: "error occure of the internet" and must close program. I have AVG, but for some reason I can scan it, maybe because of the virus. Anyway, when I ran OTL, my warning from AVG popped open and said Virus "OTL Moved" in specific locations, but I consider it a red alert.

ShadowPuterDude Posted October 31, 2009
Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

    REGEDIT4

    [-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\NordBull]
    [-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\PopRock]
    [-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\Software\Monopod]
    [-HKEY_LOCAL_MACHINE\software\Classes\XML.XML]
    [-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D}]
    [-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\XML]

Close Notepad.
Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.
-----------------------------------------------------------
Reboot
Attach a fresh a-squared log.

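One way to review a file like the FixReg.reg in the post above before merging it, given here as an added example that is not part of the original thread or of any tool the helpers used: it lists what a .reg file would delete and builds a `reg export` backup command for each key. It goes slightly beyond the post by also recognising value deletions and the version 5.00 header; the function names and backup file names are assumptions made for the illustration.

```python
import re

# Registry root names as written in .reg files, mapped to the short
# forms that reg.exe accepts.
ROOTS = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_CURRENT_CONFIG": "HKCC",
}

SECTION = re.compile(r"^\[(-?)([^\\\]]+)(\\.*)?\]\s*$")


def parse_reg(text):
    """Return (header, actions); each action is (kind, key, value_name)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header, actions, current = lines[0], [], None
    if header not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: %r" % header)
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            minus, root, rest = m.groups()
            if root.upper() not in ROOTS:
                raise ValueError("unknown root key: %r" % root)
            key = ROOTS[root.upper()] + (rest or "")
            current = None if minus else key  # "[-KEY]" deletes the whole key
            actions.append(("delete-key" if minus else "open-key", key, None))
        elif current and "=" in ln:
            # Simplified: assumes value names do not contain "=".
            name, _, data = ln.partition("=")
            kind = "delete-value" if data.strip() == "-" else "set-value"
            actions.append((kind, current, name.strip('"')))
    return header, actions


def backup_commands(actions, prefix="backup"):
    """One `reg export` command per key that the file would delete."""
    keys = [k for kind, k, _ in actions if kind == "delete-key"]
    return ['reg export "%s" %s_%d.reg /y' % (k, prefix, i)
            for i, k in enumerate(keys, 1)]


# Two of the key paths from the post above.
SAMPLE = r"""REGEDIT4

[-HKEY_USERS\S-1-5-21-61316282-4026043858-3930591723-1000\software\NordBull]
[-HKEY_LOCAL_MACHINE\software\Classes\XML.XML]
"""

if __name__ == "__main__":
    print("\n".join(backup_commands(parse_reg(SAMPLE)[1])))
```
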
Alvin Cruz Posted October 31, 2009
I have attached a fresh a-squared log, but I am still having problems with the internet being stable, and AVG is still detecting that "msa.exe" is infected with a trojan.generic9.

ShadowPuterDude Posted October 31, 2009
Where is AVG finding msa.exe? Your a-squared log shows that it is no longer present in the Windows folder.

Alvin Cruz Posted October 31, 2009
It is detecting it in C:/OTL/MovedFiles/10292009_195332/Windows/msa.exe and it says it is infected.

Alvin Cruz Posted November 1, 2009
Tonight I got this warning from my Windows:
"Remove the Trojan.PWS.Legmir.AD / [email protected] virus from your computer
This problem was caused by Trojan.PWS.Legmir.AD / [email protected], a known computer virus. To prevent this problem from occurring again, install and run an up-to-date antivirus program on your computer."
I don't know what to do.

ShadowPuterDude Posted November 1, 2009
Download ComboFix from one of these locations. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
Link 1
Link 2
Link 3
* IMPORTANT !!! Save Combo-Fix to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, ComboFix will produce a log.
Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
-----------------------------------------------------------
Attach fresh logs for:
ComboFix (C:\combofix.txt)
a-squared Free/Anti-Malware
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Alvin Cruz Posted November 2, 2009
It says that Combo-Fix is only compatible with Windows 2000 and XP. What to do now?

Alvin Cruz Posted November 2, 2009
It actually says Error win32, that is "Incomplete OS and ComboFix only works with windows 2000 and XP".

ShadowPuterDude Posted November 2, 2009
Attach fresh logs for OTL, a-squared, and HiJackFree.

Alvin Cruz Posted November 3, 2009
Here are fresh logs; I did them today.

ShadowPuterDude Posted November 4, 2009
> "Remove the Trojan.PWS.Legmir.AD / [email protected] virus from your computer
> This problem was caused by Trojan.PWS.Legmir.AD / [email protected], a known computer virus. To prevent this problem from occurring again, install and run an up-to-date antivirus program on your computer."
What is generating these messages? Windows does not generate this type of message. Your logs aren't showing any infection that would be the cause of this type of alert.
Grab a screen shot the next time you get this alert and attach it to your reply.

ShadowPuterDude Posted November 7, 2009
Thread Closed
Reason: Lack of Response
PM either ShadowPuterDude or Lynx to have this thread reopened.
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.