1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Trojan PWS Legmir

Discussion in 'Malware and Virus Removal Archive' started by kris1, 2009/11/07.

  1. 2009/11/07
    kris1

    kris1 Inactive Thread Starter

    Joined:
    2009/03/28
    Messages:
    5
    Likes Received:
    0
    [Active] Trojan PWS Legmir

    Firstly, I apologise that I cannot yet get a Hjackthis or combofix report on with this post, my laptop is in no state to do it so I am posting it off my flatmates.
    Essentially my laptop (vista home premium) had been running reasonably slowly for a few days and whenever I left it for a few hours I would return to find that the internet browser had about 15 open windows (all really long addresses none of which led to any particular page). Internet Explorer, which the windows opened with was not working and nor was Firefox, Google Chrome was working fine. I therefore restarted the computer. Now All that I get is 'My Documents' window being opened. The rest of the screen is black. There is no toolbar, no icons, no background picture. I can open some files, not all, through either finding them from my documents (drive C, program files etc...) or by using control alt delete and 'new task'. A few days ago I had it on and returned to it to say that it was shutting down due to the presence of a trojan - Trojan.PWS.Legmir.AD/W32.Ahlem.A@mm I looked into this but it does not seem that severe to do the damage it has caused to my laptop. In addition I have tried programs like the Google Spyware remover which has noted several threats it puts in the 'high' threat category, however, whenever I click 'Fix' to the problem the laptop will shut itself down and re-set itself. It doesn't allow me to use the Google program in safe mode so I can't do it there either. Incidentally safe mode boots up in the exact same way as normal mode - with the black screen, no taskbar and no icons. It has also now got progressively worse, whereas before it would allow me to just keep it on and, for example, run the Google Spyware program, it will now restart itself within a couple of minutes of being turned on. All I can think is that I do a factory reset on it, only I don't want to lose all the files and programs I've got installed...
    Any help or any knowledge of what problem this could be, in addition to the trojan it told me exist, I'd really appreciate it as you guys were fantastic when I had the google redirect problem with my family computer.
    Many thanks,
    Kris
     
  2. 2009/11/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try Avira AntiVir Rescue System

    Using another working computer...
    1. Download the Avira AntiVir Rescue System: http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
    2. Place a blank CD in your burner and double-click on the downloaded file.
    3. The program will automatically burn the CD for you.
    4. Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
    5. On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
    6. Click on the Configuration button.

    - Select Scan all files
    - Select Try to repair infected files and Rename files, if they cannot be removed
    - Select Scan for dialers
    - Select Scan for joke programs (Jokes)
    - Select Scan for games
    - Select Scan for spyware (SPR)

    7. Click on Virus scanner
    8. Click on Start scanner at the bottom of the screen.

    9. Let Avira finish it's scan and then remove any threats found and then exit out of the scanner.
    10. Take the CD out of the CD/DVD tray and then restart the computer.

    If needed see this Tutorial for the Avira Rescue CD: http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163
     

  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.