How to Remove Grum Trojan Program

What is the Win32.Grum.a Trojan?
An email disguised as a Internet Explorer download from admin@microsoft.com contains a Trojan downloader that infects the computer with a virus named Win32.Grum.

Hijackthis shows the trojan horse adds the following information or similar lines to the Windows registry

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\User\LOCALS~1\Temp\winlogon.exe

The infected file is stored in the Temp directory under Local Settings for the logged in User, and is autostarted in the following registry locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

admin@microsoft.com email infected with Grum

How Can I Remove the Grum Trojan from my system?

1) Disable System Restore

2) Restart in Safe Mode

3) Once in Safe mode, click on Start, Run

4) Type REGEDIT and press Enter

5) Navigate to the appropriate registry section by clicking on the plus signs (+)  next to

  • HKEY_LOCAL_MACHINE
  • Software
  • Microsoft
  • Windows
  • CurrentVersion
  • Run
6) Right-click and delete the following entry in the right-hand side

Firewall auto setup = %User Temp%\winlogon.exe"

%UserTemp% is the Temp folder usually in the following location
c:\Documents and Settings\{user name}\Local Settings\Temp

7) Repeat Step 5-6 above for the following location as well

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

8) Close the Registry Editor

9) Restart the computer in Normal Mode

9) Scan your computer with online virus scanner like Housecall, BitDefender, or eTrust or download and install an antivirus program and run a complete scan. A list of online scanners is below, some however will only scan but not remove issues.

10) Open My Computer, Right-click on Drive C, click on Properties, and click Disk Cleanup to delete other temp files

11) Turn System Restore Backup on

Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
Ewido Online Scanner - will scan and remove threats
Kaspersky Online Scan - will scan and remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check
- user can upload and test for threats on particular files

space.gif (58 bytes)

 

Search PCHell.com
site search by freefind advanced

 




Tools for Removing Spyware, Adware, and Malware


PC HELL
Other Pages

Spyware/Adware Removal Help

MSBlast.exe Worm Removal

Welchia (Dllhost.exe and SVCHost.exe) Worm Removal

Uninstall McAfee Instructions

Uninstall Norton Instructions

Uninstall Avast Instructions

Uninstall AVG Instructions

Uninstall Antivir Instructions

Uninstall Panda Instructions

How to Manually Run the Microsoft Malicious Software Removal Tool

Bloodhound.Exploit.6 Virus Removal

MyDoom Virus Removal

MiMail.C Virus Removal

Swen Worm Virus Removal

SoBig.F Worm Removal

Dumaru Virus Removal

BugBear.B Worm Removal

SoBig.E Worm Removal

Pop Up Ad Removal Info

KAK Worm Removal

MiMail.A Worm Removal

W95.MTX Virus Removal

Snow White Virus Removal

BadTrans Trojan Removal

Wininit Virus (Bymer Trojan)

Happy99 Worm Removal

VBS Netlog Worm Removal

Pretty Park Worm Removal

Sasser Worm Virus Removal

Backdoor SDBot.H Trojan Removal

VBS.Loveletter Help

Computer Security Information

Back Orifice Information

PC HELL Main Page

 






iPadastic - News, Tutorials, Help, Tips, and Hints for the iPad



Download Hoyle Games
including Casino 3D, Card, Board, and Solitaire games.



Written by Mark Hasting

Recommended Software for PC Hell Visitors
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
iolo System Mechanic® - Fix, Speed Up Your PC
iolo System Mechanic®
Emsisoft Anti Malware
Emsisoft Anti Malware
space.gif (58 bytes)

Search PCHELL.COM

Return to PC Hell
Return to PC Hell

Google