# HEUR:trojan.win32.generic

1. ## HEUR:trojan.win32.generic

I have the above in the file mwsautSp.exe which Internet Security 2010 cannot delete or quarantine. How can I get rid of it? I have downloaded virus removal tool 2010 and run the information gathering tool and attach the results. Why am I in a Russian help system? I accessed it from the virus detection and am having to have Google translate it for me, but I cannot read many of the commands or options.

2. Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore

- Execute following script in Manual disinfection
Code:
```
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
DelBHO('{07B18EA9-A523-4961-B6BB-170DE4475CCA}');
DelBHO('{07B18EA1-A523-4961-B6BB-170DE4475CCA}');
QuarantineFile('C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL','');
QuarantineFile('C:\WINDOWS\system32\cgmopenbho.dll','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\m5228.sys','');
QuarantineFile('C:\Documents and Settings\Ken Cooper\JMSys.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\pivot.sys','');
QuarantineFile('c:\program files\aliraid\jmapp.exe','');
DeleteDirectory('C:\Program Files\MyWebSearch\');
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
CreateQurantineArchive('C:\quarantine.zip');
SetAVZPMStatus(True);
RebootWindows(true);
end.
```
After reboot

- Repeat a log file of AVPTool.
- Make a log file with Hijackthis (Analysis, p.3 for further information).
- Attach both logs to your new post.

3. I can't find the quarantine.zip file.
The script said
CreateQurantineArchive ( 'C: \ quarantine.zip');
should it have said
CreateQuarantineArchive ( 'C: \ quarantine.zip');
and is that why I didn't get the file created?

4. Open Explorer, go to the root catalog C:\, search the file quarantine.zip. Found or not found?

6. Message from KKen Cooper
OK, make the next steps.

7. File attached as requested

> - Repeat a log file of AVPTool.

?!?!?!?!

> ?!?!?!?!

I don't understand. I have followed the instructions you gave me. I tried to attach the log file from the virus tool, but it wouldn't let me. I attached the file from Hijackit as you requested.

You must remember that I am viewing a translation of this site, so I can't see what the buttons stand for as they are in Russian.

10. Make the AVP Scan Log in the same way as in your open post and attach it. What kind of problem do you see?
Message from KKen Cooper:
> You must

I must only die, the other things I have to do

> I am viewing a translation of this site

Why didn't you switch to English interface? : http://virusinfo.info/index.php?page=homeeng&langid=1

> Make the AVP Scan Log in the same way as in your open post and attach it. What kind of problem do you see?
> I must only die, the other things I have to do
> Why didn't you switch to English interface? : http://virusinfo.info/index.php?page=homeeng&langid=1

OK AVP file attached

12. And the system restore is not disabled again...