OUTLINE
- What is HEUR:Trojan.Script.Generic capable of doing?
- What are the consequences of getting HEUR:Trojan.Script.Generic?
- Follow steps to remove HEUR:Trojan.Script.Generic
HEUR:Trojan.Script.Generic’s Capability
HEUR – indicates that HEUR:Trojan.Script.Generic has multiple capabilities.
Trojan – implies that HEUR:Trojan.Script.Generic is categorized as a Trojan.
Script – states that HEUR:Trojan.Script.Generic is capable of spreading through the Internet and attacking the vulnerability within Script.
Generic – suggests that HEUR:Trojan.Script.Generic owns all the typical abilities of a Trojan horse.
Capability 1 – spreads through the Internet and attacks the vulnerability in Script.
Script is commonly used in site building and optimization to help direct PC users to the intended web sites; nowadays online operators also use it to direct traffic. Once it is captured by HEUR:Trojan.Script.Generic, DNS settings will be modified. This is why Flash Player manages to keep popping up and access to many sites is denied.
Capability 2 – enumerates drivers concerning security services and processes for modification.
At the beginning of the infiltration, the first thing HEUR:Trojan.Script.Generic does is enumerate and modify the drivers concerning pivotal parts so that the Trojan manages to call the internal services to do what it intends. As a consequence, the HEUR Trojan can lurk in the system without being removed automatically by installed anti-virus programs.
Capability 3 – opens up a backdoor.
With the vulnerability in Script, HEUR:Trojan.Script.Generic has the capability to access the designated website and thus open up a backdoor to upload collected information and download new commands from its creator.
Other capabilities are:
- Affecting a server in order to affect all the computers it covers at once.
- Reading stored files and using keyloggers to collect valuable information.
- Disabling security defenses, including firewall and anti-virus programs.
- Camouflaging its items to look like the system ones.
Consequences of HEUR:Trojan.Script.Generic Infection
- No access to most websites, particularly the ones offering security services and programs.
- Flash Player messages keep popping up.
- Slow PC performance and ruined surfing experience.
- Many more processes show up in the background to consume CPU.
- Information loss and identity theft.
- Additional infections can be brought in by HEUR:Trojan.Script.Generic for extra income.
Follow Steps to Remove HEUR:Trojan.Script.Generic
A - Please log off / disconnect from the Internet.
B - Remove the restore file that helps HEUR:Trojan.Script.Generic recover from removal.
Win+R key combination > Run box > type "CMD" > hit Enter key > type "-h -r C:\_RESTORE" > hit Enter key > type "DELETE _RESTORE" > hit Enter key.
C – End the processes related to HEUR:Trojan.Script.Generic.
(tip: if you are not able to access Task Manager with the key combination, please access Run box from Start menu and type “CMD”; hit Enter key to put in “taskkill.exe /im msblast.exe” or “taskkill.exe /im teekids.exe” or “taskkill.exe /im penis32.exe”)
Access Task Manager > View > select columns > tick "PID" and "Path name" > go to open up System Information > end the process whose path name points to HEUR:Trojan.Script.Generic's path (according to the threat alert) or to a path that doesn't belong to the system.
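The PID and path review in step C can also be produced as one table. The following is an added example, not part of the original guide; it assumes PowerShell 3.0 or later and treats the Windows and Program Files folders as the paths that "belong to the system", which is an assumption of this sketch. It only lists processes and ends none of them.

```powershell
# Added example: show PID and image path for every process, as step C does
# by hand, and mark paths outside the usual system and program folders.
# Assumption: these three folders are what counts as a "system" location.
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |   # path is empty for protected processes
    ForEach-Object {
        $path = $_.ExecutablePath
        $inTrusted = $false
        foreach ($root in $trusted) {
            if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $inTrusted = $true
            }
        }
        [pscustomobject]@{
            ProcessId          = $_.ProcessId
            Name               = $_.Name
            OutsideSystemPaths = -not $inTrusted
            Path               = $path
        }
    } |
    Sort-Object OutsideSystemPaths -Descending |   # flagged rows first
    Format-Table -AutoSize
```

A flagged row is only a candidate for review: compare its path with the one named in the threat alert before ending the process.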
D – Remove temp files created by HEUR:Trojan.Script.Generic.
(tip: if one owns Windows XP, it is suggested to execute the following steps after closing down System Restore function: right click on “My Computer”/“Computer” > Properties > navigate to System Restore tab > tick “Turn off System Restore”)
- Press Win key and R key together, you’ll get a pop-up Run box.
- Type “%Temp%” in the box and hit Enter key, you’ll be led to all temp files.
- Remove the ones that are not loaded by the system.
- When done, return to the previous menu to click open “Temporary Internet Files”.
- Locate the folder “Content.[the browser you are using]+[the version you are using]”, for example, content.ie5.
- Remove all the files there (except index.dat).
E – Show hidden files and folders to remove the ones created by HEUR:Trojan.Script.Generic.
Windows 7/XP/Vista - Control Panel > user accounts and family safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > untick ‘Hide protected operating system files (Recommended)’ > OK button.
Windows 8 - Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ > OK button.
- Access the detected path and remove all the items there.
- Access the following folders to remove the items generated on the day when HEUR:Trojan.Script.Generic was first detected:
C:\Windows
C:\Windows\System32
C:\windows\winstart.bat
C:\windows\wininit.ini
C:\windows\Autoexec.bat
C:\Users\[your username]\Documents\
C:\users\user\appdata\local\
C:\Program Files\
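The date-based search in step E can be scripted so that nothing is overlooked or deleted by mistake. The following is an added example, not part of the original guide; it assumes PowerShell 4.0 or later, a default Windows folder layout, and that it is saved as a script file and run with a -DetectionDate value taken from the anti-virus alert. It lists candidates only and removes nothing.

```powershell
# Added example (not from the original guide): list, never delete, the items
# created on the detection date in the locations named in step E.
param(
    # Assumption: the date of the first alert, read from the anti-virus log.
    [datetime]$DetectionDate = (Get-Date)
)
$dayStart = $DetectionDate.Date
$dayEnd   = $dayStart.AddDays(1)

# Assumption: default Windows layout, resolved through environment variables.
$folders = @(
    $env:SystemRoot,
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:USERPROFILE 'Documents'),
    $env:LOCALAPPDATA,
    $env:ProgramFiles
)
$files = 'winstart.bat', 'wininit.ini', 'Autoexec.bat' |
    ForEach-Object { Join-Path $env:SystemRoot $_ }

$candidates = @()
foreach ($folder in $folders) {
    if ($folder -and (Test-Path -LiteralPath $folder)) {
        # -Force includes hidden and system items, like the step E view settings.
        $candidates += Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue
    }
}
foreach ($file in $files) {
    if (Test-Path -LiteralPath $file) {
        $candidates += Get-Item -LiteralPath $file -Force
    }
}

$candidates |
    Where-Object { $_.CreationTime -ge $dayStart -and $_.CreationTime -lt $dayEnd } |
    Sort-Object FullName -Unique |
    Select-Object CreationTime, Attributes, FullName, @{
        Name = 'SHA256'   # hash of files only, for a reputation lookup before deleting
        Expression = {
            if (-not $_.PSIsContainer) {
                (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
        }
    } |
    Format-List
```

Legitimate updates and installers also create files on any given day, so each listed item still needs to be checked against the detected path before it is removed.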
F - Remove the extensions created on the day when HEUR:Trojan.Script.Generic was first detected.
Internet Explorer
Tools > Manage add-ons > ‘Toolbars and Extensions’ > remove the extensions created on the day when HEUR:Trojan.Script.Generic appeared > ‘Search Providers’ > remove the extensions created on the day when HEUR:Trojan.Script.Generic appeared.
Mozilla Firefox
Tools > Options > ‘Extension’ and ‘Plugins’ panel > remove the extensions created on the day when HEUR:Trojan.Script.Generic appeared.
Google Chrome
Spanner icon > "Tools" > ‘Extensions’ > remove the extensions created on the day when HEUR:Trojan.Script.Generic appeared.
Opera
Opera menu > Extensions > Manage Extensions > remove the extensions created on the day when HEUR:Trojan.Script.Generic appeared.
Safari
Safari Menu > Preferences > extensions tab > remove the extensions created on the day when HEUR:Trojan.Script.Generic appeared.
The ultimate purpose of HEUR:Trojan.Script.Generic does not lie in mechanical damage but in making money. With all the random modifications and the wide open backdoor, the HEUR Trojan can get extra income by bringing in additional viruses, Trojan horses in particular. Therefore, it is wise to remove HEUR:Trojan.Script.Generic upon its detection.
Note that the odds of having additional viruses as a result can be high. If you find it tough to figure out what the additional viruses are or to tackle the resulting mechanical troubles, please do not hesitate to get help tailored to your situation by contacting VilmaTech Online Support.