Sunday, June 8, 2014

[Expertise] Trojan.Win32 dynamer!Dtc - Failed to Remove It, What Should I Do?

OUTLINE
  • Can Trojan.Win32 dynamer!Dtc be FP?
  • Some bad consequences of having Trojan.Win32 dynamer!dtc
  • Follow instructions to deal with Trojan.Win32 dynamer!dtc and FP
  • Final



Is Trojan.Win32 dynamer!dtc a False Positive?

  1. Unknown processes run in the background and consume CPU.
  2. Additional infections may be found.
  3. Overall PC performance is considerably degraded.
  4. Some programs may shut down abruptly.
The symptoms listed above are the usual ones caused by Trojan.Win32 dynamer!Dtc when the infection is real. If they are absent, the detection by MSE could be a false positive (FP), because it is conditional:
  1. Win7_EULA.exe in D:\DO NOT DELETE\System_Backup.wim, the file MSE reports as Trojan.Win32 dynamer!dtc, is the license agreement contained inside the backup image of your computer, which you have to accept on the first run of the computer.
  2. Machines imaged before 16 August 2011 will still have the EULA application flagged as malicious, because of the way the EULA application was compiled.


Trojan:Win32/Dynamer!dtc Needs Quick Removal


If the detection of Trojan.Win32 dynamer!dtc is real, bear in mind that a Trojan is adept at stealing confidential information, overwriting drivers for critical parts of the system and transferring the collected information to its remote server through a backdoor. Any delay in removing Trojan.Win32 dynamer!dtc would:
  1. Weaken the security defenses.
  2. End in identity theft and financial loss.
  3. Invite additional malware, Trojans in particular.
  4. Hand full control to the Trojan horse once unsolicited access is achieved.
Even if the detection of Trojan.Win32 dynamer!dtc is an FP, a quick solution is still required, because the resulting error messages cause instability that leads to a scatter of troublesome problems. This also degrades overall PC performance significantly, and the loophole can give infections lurking on the Internet a way in.



How to Remove Trojan.Win32 dynamer!dtc or Deal with FP?


Situation 1 – when Trojan.Win32 dynamer!dtc is FP.

Trojan.Win32 dynamer!dtc is a detection name specific to MSE (Microsoft Security Essentials). Therefore we use MSE as the example of how to deal with the Trojan.Win32 dynamer!dtc false positive.

Start button > All Programs > “Microsoft Security Essentials” > Settings tab > “Excluded files and locations” on the left pane > type “D:\DO NOT DELETE” (without quotes) in the first input box > Enter key > press “Save changes” button.



Situation 2 – when Trojan.Win32 dynamer!dtc is real.

If the steps above do not stop the warning about Trojan.Win32 dynamer!dtc, the alert is real. Follow the instructions below to help yourself, but please understand that there is no universal, explicit instruction for removing Trojan.Win32 dynamer!dtc, as the particulars (the items it drops, the directory it settles in and the names of the dropped items) vary from OS to OS. What follows is a general procedure that requires a certain level of computer skill and malware knowledge to carry through to a complete and thorough removal.


A
Use Task Manager to end the processes whose path points to Trojan.Win32 dynamer!dtc, as reported by the installed anti-virus program.
(tip: if you are not able to open Task Manager with the key combination, open the Run box from the Start menu, type “CMD”, hit Enter and then enter “taskkill.exe /im msblast.exe”, “taskkill.exe /im teekids.exe” or “taskkill.exe /im penis32.exe”)

Task Manager > View > Select Columns > tick "PID" and "Path Name" > open System Information > end the process whose path name points to Trojan.Win32 dynamer!dtc's path (according to the threat alert) or to a path that does not belong to the system.
(tip: if some malicious processes reappear, find the parent PID (PPID) through the PID column, then end the parent process(es) with the command “taskkill /im system.exe /f” in the command prompt window.)
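As an added example (not part of the original post), the PowerShell below does the triage that step A describes by hand: it lists every process with its PID, parent PID and image path, checks the Authenticode signature of the image and flags processes that run from outside the Windows or Program Files directories or are unsigned. It assumes an elevated session (PowerShell 3.0 or later) so that every image path can be read.

```powershell
# Added example, not code from the original post. Lists processes with PID, PPID and
# image path and flags the ones worth a second look before anything is ended.
# Assumes an elevated PowerShell 3.0+ session so that all image paths are readable.
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

# Win32_Process exposes ParentProcessId, which Get-Process does not.
$procs = Get-CimInstance Win32_Process

$report = foreach ($p in $procs) {
    $path      = $p.ExecutablePath
    $inTrusted = $false
    $signed    = 'n/a (no path; protected process or not elevated)'
    if ($path) {
        $inTrusted = @($trusted | Where-Object {
            $path.StartsWith($_, 'OrdinalIgnoreCase') }).Count -gt 0
        $sig    = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        $signed = if ($sig) { $sig.Status } else { 'unknown' }
    }
    [pscustomobject]@{
        PID       = $p.ProcessId
        PPID      = $p.ParentProcessId
        Name      = $p.Name
        Path      = $path
        Signature = $signed
        # Flag only processes with a readable path that is either outside the trusted
        # directories or not validly signed; review these, do not kill blindly.
        Suspect   = [bool]($path -and ((-not $inTrusted) -or ($signed -ne 'Valid')))
    }
}

# Parent first, so a respawning child and its parent appear together (the PPID tip above).
$report | Where-Object Suspect | Sort-Object PPID, PID | Format-Table -AutoSize
```

Compare each flagged path with the one named in the anti-virus alert before ending a process with Task Manager or taskkill.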




B
Show hidden files and folders so that you can remove the ones created by Trojan.Win32 dynamer!dtc.

Windows 7/XP/Vista - Control Panel > User Accounts and Family Safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > untick ‘Hide protected operating system files (Recommended)’ > OK button.

Windows 8 - Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ > OK button.

  • Open the detected path and remove all the items there.
  • Open the following folders and remove the items generated on the day Trojan.Win32 dynamer!dtc was first detected, according to the installed anti-virus program:
    (tip: on Windows XP it is suggested that you carry out the following steps only after turning off System Restore: right click on “My Computer”/”Computer” > Properties > System Restore tab > tick “Turn off System Restore”)
%SystemRoot%\system32\%Temp%\
%SystemDrive%\
C:\Windows
C:\Windows\System32
C:\windows\winstart.bat
C:\windows\wininit.ini
C:\windows\Autoexec.bat
C:\Users\[your username]\Documents\
C:\users\user\appdata\local\
C:\Program Files\

Variable definitions
  • %SystemDrive% - the system drive, "C:\" by default.
  • %SystemRoot% - the WINDOWS directory, “C:\Windows” by default.
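The following PowerShell is an added example (not from the original post) that carries out the search in step B: it looks in the folders listed above for files created on the day of the first detection and shows each file's size and Authenticode signature status so that legitimate files are not deleted by mistake. The detection date in `$DetectedOn` is an assumed placeholder; replace it with the date from your anti-virus alert.

```powershell
# Added example, not code from the original post. Lists files created on the day of
# the first detection in the folders named in step B. $DetectedOn is a placeholder
# value constructed for this example; take the real date from the anti-virus alert.
$DetectedOn = Get-Date '2014-06-01'

# The post's folders, resolved through environment variables (%SystemDrive% is C:\
# and %SystemRoot% is C:\Windows by default, as the variable definitions state).
$folders = @(
    "$env:SystemRoot",
    "$env:SystemRoot\System32",
    "$env:SystemDrive\",
    "$env:TEMP",
    "$env:USERPROFILE\Documents",
    "$env:LOCALAPPDATA",
    "$env:ProgramFiles"
)

$dayStart = $DetectedOn.Date
$dayEnd   = $dayStart.AddDays(1)

$hits = foreach ($f in $folders) {
    if (-not (Test-Path -LiteralPath $f)) { continue }
    # -Force includes hidden and system files, which is why step B unhides them.
    # Top level only; add -Recurse for Documents or LocalAppData if the alert points there.
    Get-ChildItem -LiteralPath $f -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $dayStart -and $_.CreationTime -lt $dayEnd } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created   = $_.CreationTime
                Size      = $_.Length
                Signature = if ($sig) { $sig.Status } else { 'unknown' }
                Path      = $_.FullName
            }
        }
}

# Unsigned or NotSigned files created on the detection day deserve the closest look;
# files with a Valid signature from Microsoft or a known vendor are usually legitimate.
$hits | Sort-Object Created | Format-Table -AutoSize
```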



C
Open the registry database to make corrections.

  • Press down Win key and R key together.
  • Type “regedit” and hit Enter key.
  • Navigate to the following entry, then inspect and remove the values under “Run” that you have not seen before (for example C:\WINDOWS\system32\system.exe):
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  • Then search for the processes identified in step A and remove their entries from the registry.
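As an added example that is not part of the original post, this PowerShell audits the Policies\Explorer\Run key from step C together with the other common Run and RunOnce keys (an addition beyond the one key the post names): for each value it extracts the executable from the command line, checks whether the file exists and reports its Authenticode signature, which is what you need to decide whether a value is unfamiliar and removable. The helper `Get-ExeFromCommand` is constructed for this example.

```powershell
# Added example, not code from the original post. Audits autorun registry values so
# that unfamiliar entries (the ones step C says to remove) can be reviewed first.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties Get-ItemProperty adds that are not registry values.
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Helper constructed for this example: pull the executable out of a command line
# such as "C:\dir\a.exe" /flag, C:\dir\a.exe /flag or %SystemRoot%\system32\x.exe.
function Get-ExeFromCommand([string]$cmd) {
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^\S+?\.exe', 'IgnoreCase')
    if ($m.Success) { return $m.Value }
    return ($cmd -split '\s+')[0]   # unquoted path with spaces: best effort only
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($psProps -contains $prop.Name) { continue }
        $exe    = [Environment]::ExpandEnvironmentVariables((Get-ExeFromCommand ([string]$prop.Value)))
        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
        $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'missing' }
        [pscustomobject]@{
            Key       = $key
            Value     = $prop.Name
            Command   = $prop.Value
            Exe       = $exe
            Signature = $sig   # NotSigned, or a path under a user-writable folder, is the usual tell
        }
    }
}
$entries | Format-Table -AutoSize -Wrap
```

Remove a value in regedit only after confirming the executable is not something you or a legitimate program installed.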



D
Remove cookies from browser settings.

Internet Explorer
Tools icon > Safety > “Delete browsing history” option > tick “Cookies” > “Delete” button.

Chrome
‘Customize and control’ menu > Tools > “Clear browsing data” option > tick “Delete cookies …” > “Clear browsing data”.

Firefox
Tools menu > “Cookie Manager” > “Manage Stored Cookies” > remove all cookies.

Opera
Open Opera and make it the current browser > press Alt+P > Privacy and Safety > “Cookie” > click the “all cookies and website data” button.




E
Remove temp files generated by Trojan.Win32 dynamer!dtc.
  1. Press the Win key and R key together; a Run box pops up.
  2. Type “%Temp%” in the box and hit Enter; you will be taken to the temp files.
  3. Remove the ones that were not loaded by the system.
  4. When done, return to the previous folder and open “Temporary Internet Files”.
  5. Locate the folder “Content.[the browser you are using]+[the version you are using]”, for example content.ie5.
  6. Remove all the files there (except index.dat).




Note that Trojan:Win32/Dynamer!dtc is also called Trojan:Win32/Sisproc by other anti-virus programs (vendors name the same malicious binary differently). This is also why the names of the items dropped by Trojan:Win32/Dynamer!dtc can differ from one OS to another and why the way to reach a given location can vary, and it is why certain computer skills and malware knowledge are required.

One should also know that the Trojan is made to make money, not just to damage your system. It is designed to stay on a machine for as long as possible in order to harvest as much valuable information as possible. So there is no simple, one-step way to fix this annoying issue; all one can do is follow the manual instructions carefully. Any help request for your concrete situation will be gladly answered if you contact Global PC Support Center by starting a live chat here.