Window Activator Trojan


In an attempt to pirate Windows, a coworker of mine downloaded a fake Windows activator from a website. He chose to disable KIS, thinking the activator was genuine, and installed it. Now his computer is behaving erratically.

1. Every now and then, the application tries to connect to illegal websites, triggering a KIS alarm. It appears from time to time.

2. We already used KIS to scan the computer; it detected it as the WIN32. EPEH trojan, residing in System Memory. However, disinfecting and rebooting makes no change.

3. Whenever we disinfect it without restarting, the problem seems to go away, but whenever we restart the computer, it comes back again.

Please suggest a way to remove the persistent trojan. Thanks.

 


Yes this is correct.

Disinfecting and rebooting is not removing it. Disinfecting it without a reboot seems to remove it and stop the connection spam, but it returns when the computer restarts.

Booting into safe mode and curing it with KVRT also didn't work. It comes back every restart.


Got it. While we are checking the installer package, please go to the folder C:\WINDOWS\system32\Tasks\, create a folder there with any name (e.g. 'test') and move all the files and folders in C:\WINDOWS\system32\Tasks\ to this newly created folder ('test'). Restart the PC. Does the detection still occur?

Press [Win] + [R] and enter “msconfig”. The window that opens contains a tab called “Startup”. It contains a list of all programs that are launched automatically. Is there anything that looks suspicious? You can post a screenshot if you are not sure.

 

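A read-only PowerShell listing of the two places the reply above asks about, scheduled tasks and startup entries, added here as an example and not posted by anyone in the thread. The `$suspicious` pattern is an illustrative assumption rather than a complete indicator list; run it from an elevated prompt so that all tasks are visible.

```powershell
# Added example: lists autostart entries for manual review; it changes nothing.
# $suspicious is an assumed heuristic: commands run from user-writable paths
# or through script hosts / command interpreters. Legitimate entries can match.
$suspicious = '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\|' +
              '\b(cmd|powershell|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b'

# 1. Scheduled tasks (the definitions stored under C:\WINDOWS\system32\Tasks\).
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only "exec" actions have an Execute value; COM handler actions do not.
        if ($action.Execute) {
            [pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = $task.TaskPath + $task.TaskName
                Command = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
                Context = $task.Author
            }
        }
    }
}

# 2. Startup entries (Run registry keys and Startup folders).
$startup = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{
        Source  = 'Startup:' + $_.Location
        Name    = $_.Name
        Command = $_.Command
        Context = $_.User
    }
}

# Flag matches and show them first; unflagged rows are still listed for review.
(@($tasks) + @($startup)) |
    Select-Object Source, Name, Command, Context,
        @{ Name = 'Flag'; Expression = { $_.Command -match $suspicious } } |
    Sort-Object -Property Flag -Descending |
    Format-Table -AutoSize -Wrap
```

A task that launches a command interpreter at logon or boot would match the flag and is the kind of entry to compare against what appears on screen after a restart.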

The detection still occurs. However, after I moved everything to the Test folder, I noticed something had launched a command prompt upon restarting. The Task folder now has the folders Microsoft, TEST, and WPD.

I didn't notice anything unusual in the startup tab since I used to disable most of the unused apps.

config1.JPG

config2.JPG
