How to Remove Grum Trojan Program

What is the Win32.Grum.a Trojan?
An email disguised as an Internet Explorer download from admin@microsoft.com contains a Trojan downloader that infects the computer with a virus named Win32.Grum.

HijackThis shows that the Trojan horse adds the following line, or similar lines, to the Windows registry:

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\User\LOCALS~1\Temp\winlogon.exe

The infected file is stored in the Temp directory under Local Settings for the logged-in user, and is autostarted from the following registry locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

[Image: admin@microsoft.com email infected with Grum]

How Can I Remove the Grum Trojan from my system?

1) Disable System Restore

2) Restart in Safe Mode

3) Once in Safe mode, click on Start, Run

4) Type REGEDIT and press Enter

5) Navigate to the appropriate registry section by clicking on the plus signs (+) next to:

  • HKEY_LOCAL_MACHINE
  • Software
  • Microsoft
  • Windows
  • CurrentVersion
  • Run
6) Right-click and delete the following entry in the right-hand pane:

Firewall auto setup = "%UserTemp%\winlogon.exe"

%UserTemp% is the Temp folder, usually in the following location:
c:\Documents and Settings\{user name}\Local Settings\Temp

7) Repeat Steps 5-6 above for the following location as well:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

8) Close the Registry Editor

9) Restart the computer in Normal Mode

10) Scan your computer with an online virus scanner such as Housecall, BitDefender, or eTrust, or download and install an antivirus program and run a complete scan. A list of online scanners is below; some, however, will only scan for but not remove threats.

11) Open My Computer, right-click on Drive C, click on Properties, and click Disk Cleanup to delete other temp files

12) Turn System Restore back on
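
The following Python script is an added example, not part of the original page. It checks a saved HijackThis log for the autostart entry described above, both to find it before editing the registry and to confirm it is gone after the cleanup. The sample log lines are constructed, and the function names and the list of system process names are assumptions for illustration.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# HijackThis autostart lines look like:
# O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Illustrative list of process names that belong under System32 (assumption).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe"}
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Constructed sample log: one harmless entry, two entries as described on this page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\User\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [Firewall auto setup] C:\DOCUME~1\User\LOCALS~1\Temp\winlogon.exe
"""

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def check_entry(name, command):
    """Return the reasons an autostart entry matches the pattern on this page."""
    path = exe_path(command)
    reasons = []
    if name.strip().lower() == "firewall auto setup":
        reasons.append("value name listed for Grum")
    if basename(path).lower() in SYSTEM_NAMES and "\\system32\\" not in path.lower():
        reasons.append("system process name outside System32")
    if TEMP_RE.search(path):
        reasons.append("runs from a Temp directory")
    return reasons

def scan_log(text):
    """Return (hive, value name, path, reasons) for each flagged O4 line."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, _key, name, command = m.groups()
            reasons = check_entry(name, command)
            if reasons:
                findings.append((hive, name, exe_path(command), reasons))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

An empty result from `scan_log` on a log taken after the restart in Normal Mode indicates that neither Run key still carries the entry.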

Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
Ewido Online Scanner - will scan and remove threats
Kaspersky Online Scan - will scan and remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check - user can upload and test for threats on particular files
