Trojan.win32.Generic.pak!cobra.Engine

This virus might be a Google redirect trojan and it is not easy to clean. However, these are the first steps to take when trying to delete this nasty Win32 virus.

Go to the Start menu, then Run, and type in MSCONFIG. Go to the Startup tab and look for a long command string that has random letters and sometimes numbers. Disable that line and save.

Download Malwarebytes, update it, then do a full system scan. If any virus is found, it will delete it.

Now download Spybot, do an update and a full scan, and delete any malware or spyware it finds.

You surely must have virus protection software. If not, download Microsoft Security Essentials; it's free. Update the app, then run a full scan.

The steps above should fix and delete the Trojan.win32.Generic.pak!cobra.Engine virus.

Here are other trojans that are similar to the one above and can be cleaned the same way.

Trojan.Win32.Generic!BT: Trojan
Trojan-Spy.Win32.Zbot.gen: Trojan
Exploit.PDF-JS.Gen (v): Exploit
Trojan.Win32.Generic!SB.0: Trojan
INF.Autorun (v): Trojan
Trojan.Win32.Hiloti.gen.d (v): Trojan
Trojan.Win32.Generic.pak!cobra: Trojan
Trojan.Win32.Adware: Adware (General)
MyWebSearch Toolbar: Potentially Unwanted Program
Trojan.Win32.Malware: Trojan

 

Virus PWS-Zbot.gen.gi!E69284FFC72E

Other Company Detection Aliases

Company Name     Detection Name
AVG (GriSoft)    Generic23.CWM
Avira            TR/FakeSysdef.A.1499
Kaspersky        HEUR:Trojan.Win32.Generic
BitDefender      Gen:Variant.Kazy.26475
FortiNet         W32/Krap.AON!tr
Symantec         Trojan.Fakeav
Eset             Win32/Kryptik.OYP
Sophos           Mal/FakeAV-IK

Attempts to connect to a high-risk domain that may pose a security risk. It also creates one or more shortcut (.LNK) files to provide user-accessible links to start a program, usually from the desktop or Start menu.

The following registry elements have been changed:

 

  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
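
The registry values listed above can be looked for in an exported copy of a user's hive. The following is an added example, not part of the original page: it parses .reg export text and returns the values that equal the ones listed here. The function name find_reported_values and the sample export are constructed for illustration.

```python
import re

# Values this page lists as changed, keyed by (path under HKEY_CURRENT_USER, value name), upper-cased.
_IS = r"SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"
_WT = r"SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING"
REPORTED = {
    (r"SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN", "USE FORMSUGGEST"): "yes",
    (_IS, "CERTIFICATEREVOCATION"): 0,
    (_IS, "WARNONBADCERTRECVING"): 0,
    (_IS, "WARNONZONECROSSING"): 0,
    (_IS + r"\ZONES\3", "1601"): 0,
    (_WT, "STATE"): 146944,
}

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\(.+)\]$", re.I)
VAL_RE = re.compile(r'^"(.+?)"=(?:dword:([0-9a-f]{8})|"(.*)")$', re.I)

def find_reported_values(reg_text):
    """Return (key, name, data) for each exported value equal to one listed on the page."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1).upper() if m else None   # keys outside HKCU are ignored
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue                                   # binary, default or orphan value
        data = int(m.group(2), 16) if m.group(2) else m.group(3).lower()
        if REPORTED.get((key, m.group(1).upper())) == data:
            hits.append((key, m.group(1).upper(), data))
    return hits

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"CertificateRevocation"=dword:00000000
"WarnOnBadCertRecving"=dword:00000001
"ProxyEnable"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1601"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
"State"=dword:00023e00
'''

if __name__ == "__main__":
    print(*find_reported_values(SAMPLE), sep="\n")
```

Files written by reg export are UTF-16, so decode them with that encoding before passing the text in.
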

The applications attempted the following network connection(s):

  • 188.229.88.***:80
  • 46.161.11.***:80
  • hxxp://searcham.org/*****

 

To remove this virus:

1. Disable System Restore (Windows ME/XP only).

2. Update to the current engine and DAT files for detection and removal.

3. Run a complete system scan.

Modifications made to the system Registry and INI files for the purposes of hooking system startup will be removed if cleaning with the recommended engine and DAT combination or higher.