
Please help BHW - Simda trojan - don't know how to remove, anyone help me?

Discussion in 'BlackHat Lounge' started by gimlop, May 11, 2013.

  1. gimlop

    gimlop Regular Member

    Joined:
    Feb 27, 2012
    Messages:
    359
    Likes Received:
    70
    Location:
    Slovakia - Slovak republic
    Hey Blackhatters.
    I got this virus, Win32/Simda.M.Gen trojan, and I don't know how to get rid of it. It slows my PC so much, gives me ad popups almost everywhere I go, I can't use Google without HMA, and some websites don't work even with HMA.
    I was searching in Google, and I cannot find anything. My NOD32 antivirus gives me a report of it; when I click DELETE IT it says PROBLEM WITH DELETING and gives me TRY AGAIN or CANCEL, and when I try again it gives me PROBLEM WITH DELETING...
    Please anyone, how can I get rid of it? I'm willing to pay $5 for the correct answer on PayPal, or help you with other stuff...
    Please help me
     
  2. AckAck

    AckAck Jr. VIP Jr. VIP

    Joined:
    Jun 27, 2011
    Messages:
    267
    Likes Received:
    46
    Use Malwarebytes.
     
    • Thanks x 1
  3. dotcomdesigns

    dotcomdesigns Power Member

    Joined:
    May 16, 2009
    Messages:
    673
    Likes Received:
    646
    Location:
    UK
    • Thanks x 1
  4. Goal Line Technology

    Goal Line Technology Senior Member

    Joined:
    Dec 30, 2011
    Messages:
    929
    Likes Received:
    2,157
    Code:
    http://www.virusradar.com/en/Win32_Simda.M.Gen/description
    and / or
    Code:
    http://www.ehow.com/how_5076859_remove-win-trojangen.html
    and / or
    do it manually by searching in the Win32 folder and manually deleting;
    sometimes it may take a reboot after you have cleaned it up.
    Hope it helps
     
    • Thanks x 1
  5. gsy159

    gsy159 Power Member

    Joined:
    Apr 29, 2011
    Messages:
    654
    Likes Received:
    158
    Shoot me a PM if you want help
     
    • Thanks x 1
  6. cooltoad

    cooltoad Senior Member

    Joined:
    Sep 10, 2010
    Messages:
    934
    Likes Received:
    549
    Occupation:
    None of your business
    Location:
    On Vacation
    First line of defence: Malwarebytes.
    Second: Post your HijackThis log to the www.bleepingcomputer.com forums and you will get full support in identifying the issue.

    cheers
    CT
     
    • Thanks x 1
  7. Black.Star

    Black.Star Junior Member

    Joined:
    Oct 4, 2011
    Messages:
    185
    Likes Received:
    1,028
    Occupation:
    IT security specialist
    Location:
    Europe
    Yeah, what everyone else already said.
    Malwarebytes, and if that is not really helping you can always use HijackThis and post the logs to various security boards.
     
    • Thanks x 1
  8. gimlop

    gimlop Regular Member

    Joined:
    Feb 27, 2012
    Messages:
    359
    Likes Received:
    70
    Location:
    Slovakia - Slovak republic
    Thanks guys, but still, Malwarebytes did not work. I'm gonna try BleepingComputer, but thanks. I gave you reputation and thanks :)
     
    • Thanks x 1
  9. xpleet

    xpleet Regular Member

    Joined:
    Jan 18, 2010
    Messages:
    377
    Likes Received:
    327
    Location:
    Morocco
  10. Jonny Quick

    Jonny Quick BANNED BANNED

    Joined:
    Aug 26, 2010
    Messages:
    231
    Likes Received:
    340
    Wrong.

    1st line of defense: Fully updated at Windows Update
    2nd: Firewall
    3rd: User behavior
    4th: Anti-virus software

    @OP, your 1st mistake is assuming you only have one piece of malware active. Also, anti-virus software does not repair system file damage.
     
  11. Black.Star

    Black.Star Junior Member

    Joined:
    Oct 4, 2011
    Messages:
    185
    Likes Received:
    1,028
    Occupation:
    IT security specialist
    Location:
    Europe
    Okay, let's try this step by step:

    1. Boot into safe mode:

    (screenshot of the safe mode boot menu; image not preserved)

    2. Try once again to scan with Malwarebytes (check that you have the newest signatures installed as well).

    3. If the scan produced no results, continue manually and ignore step 2. (I will assume you have enough technical knowledge to delete registry entries and some files.)

    Find the win32/simda.m.gen associated files in your computer and remove all of them completely.

    %AllUsersProfile%
    %AllUsersProfile%\Application Data\~r
    %AllUsersProfile%\Application Data\~dll

    4. Go into the Windows registry editor (Start -> regedit). Search and find all the win32/simda.m.gen related registry entries and delete them all.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run " "
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '0'

    (These are the related entries I found with Google... Looks like it's a rather malicious kind of scareware. Some sources also say that it installs a backdoor. So do your own research as well and double-check for suspicious activities. Your best bet is always to reinstall Windows.)

    5. Restart your computer into normal mode.


    (Disclaimer: I am not responsible for any damage you may cause to your system. It's always better to have weekly/daily backups and just wipe Windows completely. Do your own research before you delete any files on your PC and don't trust random strangers on the Internet.)


    Hope this will solve the problem for you, and with kind regards,

    Black.Star
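Added example, not posted by anyone in this thread: a read-only PowerShell audit that checks the file paths and registry locations Black.Star listed in steps 3 and 4 and reports what is present, so the findings can be reviewed before anything is deleted. It assumes the indicators exactly as written in the post (the `~r` and `~dll` folders under `%AllUsersProfile%\Application Data`, a Run value with a blank name, and the two named values under Internet Settings and Policies\Attachments); the `%AllUsersProfile%` root itself exists on every system and is therefore not treated as an indicator. The registry values are reported with their current data rather than judged, since the right value depends on the machine's normal configuration; compare them against a known-good system.

```powershell
# Added example (not from the thread): read-only check of the Simda indicators
# listed in the post above. Nothing is deleted or modified; run it from safe
# mode as the post suggests and review the output by hand.

$findings = @()

# Step 3 of the post: file-system locations. Only the two subfolders are
# checked because %AllUsersProfile% itself always exists.
$paths = @(
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\~r'),
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\~dll')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += "Path exists: $p"
    }
}

# Step 4 of the post, first entry: the HKCU Run key. The post shows an entry
# whose name is blank, so any value with an empty or whitespace-only name is
# flagged; every other Run entry is listed for manual review.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path -LiteralPath $runKey) {
    $run = Get-Item -LiteralPath $runKey
    foreach ($name in $run.GetValueNames()) {
        $data = $run.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($name)) {
            $findings += "Run value with blank name -> $data"
        } else {
            Write-Host "Run entry (review manually): $name = $data"
        }
    }
}

# Step 4 of the post, remaining entries: report the current data of the two
# named values if they are set at all.
$valueChecks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'CertificateRevocation' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
       Name = 'SaveZoneInformation' }
)
foreach ($c in $valueChecks) {
    if (Test-Path -LiteralPath $c.Key) {
        $item = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $findings += ('{0}\{1} = {2}' -f $c.Key, $c.Name, $item.($c.Name))
        }
    }
}

# Summary. A hit here is a reason to look closer, not proof of infection on
# its own; the post itself recommends double-checking and considering a wipe.
if ($findings.Count -eq 0) {
    Write-Host 'None of the listed indicators were found.'
} else {
    Write-Host ('Indicators present ({0}):' -f $findings.Count)
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

Run it in an elevated PowerShell session so the registry reads succeed for the current user's hive; because it only reads, it is safe to repeat after each cleanup step to confirm the indicators are gone.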