Jump to content

Trojan.pirminay


Recommended Posts

Hello, all. This morning, the results of an MBAM scan showed that I have Trojan.Pirminay in c:\windows\system32\printctrl.exe. I choose the quarantine option, then deleted it from the quarantine. Maybe an hour later the warning showed up on my screen again, and again I quarantined and deleted. This has happened twice now, and I was wondering how can I get ride of this problem? Can I delete the file and replace it with one from a clean PC?

Thanks!

Link to post
Share on other sites

Hello and welcome to MBAM forum, buckmode: :)

Sorry to hear you might be infected.

I wouldn't suggest trying to replace the infected file.

Instead, it would be better to have a qualified malware expert look at your system & assist with cleanup.

(It sounds as if it could be a false positive detection, but only the trained malware experts can determine if that is the case.)

We cannot work on malware removal in this sub-section of the forum, so please read below for assistance with cleaning your system.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.

IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:

OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum.

OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.

OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  • -->If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.
  • Then please start a new post in the Malware Removal Forum.
  • An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.

  • When starting your new post, please note the following:
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

OPTION 2:

If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them here.

OPTION 3:

If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site here.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

Link to post
Share on other sites

Hello, all. This morning, the results of an MBAM scan showed that I have Trojan.Pirminay in c:\windows\system32\printctrl.exe. I choose the quarantine option, then deleted it from the quarantine. Maybe an hour later the warning showed up on my screen again, and again I quarantined and deleted. This has happened twice now, and I was wondering how can I get ride of this problem? Can I delete the file and replace it with one from a clean PC?

Thanks!

Received the same. Hoping I don't see it again....
Link to post
Share on other sites

Hi, Dexter B:

The safest bet is to proceed as suggested above, to have a malware expert check your system.

I am not qualified or authorized to provide malware advice, as I am just a home user.

I wonder, though, since you are the 2nd person in a few minutes to report this particular detection, if it MIGHT POSSIBLY be a false positive, assuming you are getting the SAME MBAM detection on the EXACT SAME Windows file?

To reiterate, the safest course of action is to follow the suggestions in my earlier reply.

If you would like the MBAM engineers to examine the file in question and determine if it could be a FP, then please read and follow the instructions >>HERE<< and then post with the requested information >>HERE<<.

If it is a FP, the engineers will fix it. :)

Thanks!

daledoc1

Link to post
Share on other sites

  • Staff

Yes, I suspect they were false positives, I see several topics regarding Trojan.Pirminay in our False Positives forum. If you update your database and scan again, do you still get these detections?

If the answer is no, then these were indeed false positives and you've nothing to worry about as the issue has now been fixed. If you do still get the detections after updating Malwarebytes Anti-Malware, then if you've not done so already, please follow the instructions I posted here so that one of our Research staff members can take a look and find out if these are false positives or not, and if they are, fix it in an upcoming database update.

Thanks :)

Link to post
Share on other sites

The problem is on my office computer, and I'll check it out tomorrow (Sunday afternoon is usually when I do the maintenance-type jobs on our network and workstations).

Hi, Buckmode: :)

Thanks for the update -- yes, it does seem that this was a false positive that has been fixed. So, kindly follow Exile360's advice.

Since you mention that this is your office computer, I assume you have appropriate corporate licensing for MBAM? :)

If not, then you'll want to read more about it here:

Where can I find a copy of Malwarebytes Anti-Malware EULA?

and here:

How can I legally use Malwarebytes Anti-Malware in my Business or Corporate Entity (including Government, Education, & Non-Profit)?

If you don't already have such licensing, if you contact the Corporate sales team, they'll get you all set up.

They can be reached here: http://www.malwareby...rate_licensing/

(Please be sure you have malwarebytes.org and salesforce.com in your safe sender list of your email client.)

If you're already properly licensed, then that's great, of course! :)

Cheers!

daledoc1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.