Topic: Removal of Trojan:Win32/Dynamer!ac Virus

August 13, 2015, 08:47:35 PM

wallacebill

Removal of Trojan:Win32/Dynamer!ac Virus
« on: August 13, 2015, 08:47:35 PM »
Hi,
I've had problems getting rid of a Trojan:Win32/Dynamer!ac Virus infection which was found on my Windows 7 Notebook by Microsoft Security Essentials. It found the Virus but doesn't appear to be able to get rid of it. I've been following advice I got on a Microsoft Support Forum which advised me to follow an 8-Step Process to get rid of it, to be found at the following URL: http://malwaretips.com/blogs/trojan-win32-dynamer-ac-removal/.

Step 4 uses the Adlice RogueKiller tool which I have just run.

The reports for MBR and Files/Folder showed nothing.
The reports for Web Browsers, AntiRoot and Hosts File showed entries in green, all of which were shown as clean and shown for information only.
The report for Tasks showed one entry only, as per the attached file. I tried to delete the file as it advised it was a suspicious malware; however, it advised that there was an error.
The reports for Registry showed one PUP which it advised as suspected malware and nine PUMs which all had the confirmed IP address 192.168.1.10.0.0.0 which I understood meant that they were ok and didn't need to be deleted? When I tried to delete the PUP I again got an error message.
I'd appreciate if anyone can advise if I took the correct course of action with the PUMs from the Registry report and what I need to do with the two errors - one each from the Tasks and Registry reports.

Thanks for your advice.

Regards

Bill

Reply #1, August 13, 2015, 09:50:19 PM

Curson

  • Global Moderator
Re: Removal of Trojan:Win32/Dynamer!ac Virus
« Reply #1 on: August 13, 2015, 09:50:19 PM »
Hi Bill,

Welcome to Adlice.com Forum.
Could you please copy/paste the full RogueKiller TXT report in your next reply?

Quote from: Bill
The reports for Registry showed one PUP which it advised as suspected malware and nine PUMs which all had the confirmed IP address 192.168.1.10.0.0.0 which I understood meant that they were ok and didn't need to be deleted?
You are completely right about that.

Regards.

Reply #2, August 14, 2015, 11:07:58 AM

wallacebill

Re: Removal of Trojan:Win32/Dynamer!ac Virus
« Reply #2 on: August 14, 2015, 11:07:58 AM »
As requested the reports are attached.

Reply #3, August 14, 2015, 11:13:08 AM

wallacebill

Re: Removal of Trojan:Win32/Dynamer!ac Virus
« Reply #3 on: August 14, 2015, 11:13:08 AM »
They are hopefully attached this time!

Reply #4, August 17, 2015, 02:21:02 PM

Curson

  • Global Moderator
Re: Removal of Trojan:Win32/Dynamer!ac Virus
« Reply #4 on: August 17, 2015, 02:21:02 PM »
Hi wallacebill,

Something must be verified.
Launch the command prompt window (cmd) with admin rights and copy/paste the following command:
Code:
reg.exe save "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "%USERPROFILE%\Desktop\BHO.hiv" && copy "C:\Users\Bill\AppData\Local\Temp\launchie.vbs" "%USERPROFILE%\Desktop\launchie.txt"
Two files, BHO.hiv and launchie.txt, will be created on your desktop. Please attach them in your next reply.

Regards.