Jump to content

Trojan.Ransom


Recommended Posts

Good Morning,

 

I saw a notice from Malwarebytes yesterday saying that an attack had been prevented. I have looked in my quarantine and seen Trojan.Ransom held there. It has come from this location :-

 

C:\ Program Files (x86)\Eusing Free Registry Cleaner\UNWISE.EXE

 

I have seen that this program downloaded itself yesterday afternoon (how - I have no idea, I didn't knowingly download it. I think I was watching a tv.Adobe tutorial at the time).

 

Please can someone tell me what to do to clean it out and whether or not it will have caused any other problems.

 

Thanks for your help

 

Nigel

Link to post
Share on other sites

Unwise.exe is usually the uninstaller for that software and is held in the program folder. I would not recommend a registry cleaner to anyone, better to uninstall the program.

 

download and install Revo Uninstaller Free

 

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

 

When complete run another quick scan with malwarebytes and post that log...

Link to post
Share on other sites

Here's the log.

When I tried to uninstall, I got a message saying "Running the applications uninstaller failed. Possible invalid uninstall command". I then went through the rest of the uninstall deletes as you mentioned above.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Nigel :: ADMIN-PC [administrator]

Protection: Enabled

05/10/2013 11:33:43
mbam-log-2013-10-05 (11-33-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247299
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

 

The trojan is still shown in the quarantine section - should I just delete it or is there anything else I need to do first?

 

Thanks for your help so far!

 

Nigel

Link to post
Share on other sites

Yes, I've deleted it from the quarantine box and although I've used Revo, when I click on the start button and search for "Eusing" - the search comes up with the registry cleaner as though its still installed, but it doesn't show on the Revo list of installed programmes? I'm unsure of what this means.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.