Thread: Cannot remove Trojan:Win32/oficla.E

  1. #1
    Join Date
    Sep 2010
    Posts
    29

    Cannot remove Trojan:Win32/oficla.E

    I think that I have a virus which creates files in my temp directory and immediately deletes them. Microsoft Security Essentials pops up a message every 15 minutes, and when I click to clean, it says that the file was not found. I tried to run a full scan using Microsoft Security Essentials as well as other anti-virus programs, but they do not find anything, and when I try to scan in safe mode it crashes. One more thing: this virus adds an extension to Firefox which redirects me to advertising sites when I click on links. At the location C:\Windows\Temp\dqwg.tmp\svchost.exe, Microsoft Security Essentials finds Trojan:Win32/oficla.E. I think it keeps changing the temp file's name, and I also tried System Restore. Does anyone know how to remove this Trojan from my system? Please help me get rid of this issue. Thank you in advance.

  2. #2
    Join Date
    Apr 2008
    Posts
    4,642

    Re: Cannot remove Trojan:Win32/oficla.E

    I am suffering from the same problem because of the trojan win32:oficla-E found on my system. I am using Avast antivirus and have performed several scans as well as a boot scan; it finds it and displays the pop-ups every 15-20 minutes, but when I give the action to remove it, a "no file found" message is displayed. It cannot find it with the scan. I have used various tools such as Spybot Search and Destroy, Ad-Aware, Advanced System Care, Super Anti Spyware, and Windows Defender, and a full scan with Spybot has found it, but all are unable to remove it from my system.

  3. #3
    Join Date
    May 2008
    Posts
    4,570

    Re: Cannot remove Trojan:Win32/oficla.E

    I think I have a solution to your problem. You just need to perform the following instructions to remove trojan win32.oficla-E.
    First restart your computer and keep pressing F8 during the bootup process in order to get the startup options. In Safe Mode with Networking, select the START option, and when your computer starts, use Spybot Search and Destroy to scan the system. It found all the malicious items and then prompted me to restart the system again in order to get rid of the bad registry entries which it had found so far, and this will solve the problem. I think that any anti-virus or malware program will do the same thing if started in Safe Mode with Networking. Best of luck, and I hope this information will help to remove this malicious program and get rid of it. After performing it I got my problem solved.

  4. #4
    Join Date
    May 2008
    Posts
    4,345

    Re: Cannot remove Trojan:Win32/oficla.E

    I was having the same issue and I think the problem was resolved by following the instructions mentioned in the above post. I downloaded Spybot and scanned the system but it found only cookies. I have updated my Microsoft Security Essentials, so I am not sure whether it got removed because of Spybot or due to the update to Microsoft Security Essentials. But Microsoft Security Essentials still crashes when scanning in safe mode.

  5. #5
    Join Date
    May 2008
    Posts
    4,831

    Re: Cannot remove Trojan:Win32/oficla.E

    Trojan:Win32/Oficla.E attempts to inject code into a running Windows process to download a security program named TrojanDownloader:Win32/FakeScanti. You can check for the following changes, which indicate the presence of this Trojan.
    1] Presence of additional data in the temp registry, as mentioned in the following example.
    Value=Shell
    With data=explorer.exe rundll32.exe dckp.kio pushprl
    subkey= HKLM->SOFTWARE->Microsoft->Windows NT->CurrentVersion->window login
    2] You can also come to know from alert notifications from the installed antivirus software.
    This trojan win32/oficla.E might also be installed by another trojan such as win32/oficla.A. It is also found that this trojan is distributed in spam mail messages as an attachment. The attachment is an archive file named agreement.zip, which contains an exe named agreement.exe.

  6. #6
    Join Date
    Apr 2008
    Posts
    4,088

    Re: Cannot remove Trojan:Win32/oficla.E

    When you run this trojan, it drops a copy of itself in the temp directory; the file is named with a random number and a .tmp extension. The dropped file is executed and tries to launch a user asynchronous procedure call (APC) to svchost.exe, which in turn calls the malicious APC. After this, the trojan is copied under a random file name into the Windows system folder. The registry is modified to run its copy at each start of Windows, as given below:
    Value="Shell"
    With data= "explorer.exe rundll32.exe dckp.kio pushprl"
    TO Subkey= HKLM->SOFTWARE->Microsoft->Windows NT->CurrentVersion\window logon
    This trojan modifies the registry with the data and value given below:
    Value:Urlo
    Data:<Some hexadecimal data>
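
A defensive check for two indicators described in this thread, the extra data appended to the Winlogon Shell value and an svchost.exe located in a Temp subfolder, as an added example that is not part of any forum post. It assumes the key is HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and that a clean Shell value is just explorer.exe; the `reg query` output is a constructed sample and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the Winlogon key; Shell data as quoted in the posts.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Shell    REG_SZ    explorer.exe rundll32.exe dckp.kio pushprl
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""

# Assumption: a default Windows install has Shell set to just explorer.exe.
EXPECTED_SHELL = "explorer.exe"
VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s*(?P<data>.*)$")


def parse_reg_query(text):
    """Return {lowercased value name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name").lower()] = m.group("data").strip()
    return values


def audit_winlogon_shell(text):
    """Return tokens in the Shell value beyond explorer.exe (empty list = clean)."""
    tokens = parse_reg_query(text).get("shell", "").split()
    if not tokens:
        return ["<Shell value missing>"]
    extras = tokens[1:]
    if tokens[0].lower() != EXPECTED_SHELL:
        extras.insert(0, tokens[0])  # the shell itself was replaced
    return extras


def is_suspicious_svchost(image_path, windir=r"C:\Windows"):
    """True when a file named svchost.exe lives outside System32/SysWOW64."""
    path = ntpath.normpath(image_path).lower()
    if ntpath.basename(path) != "svchost.exe":
        return False
    allowed = {ntpath.join(windir, d).lower() for d in ("System32", "SysWOW64")}
    return ntpath.dirname(path) not in allowed


if __name__ == "__main__":
    print(audit_winlogon_shell(SAMPLE_REG_QUERY),
          is_suspicious_svchost(r"C:\Windows\Temp\dqwg.tmp\svchost.exe"))
```

On a live system the text passed to `audit_winlogon_shell` would come from running `reg query` against that key; any non-empty result means the Shell value deviates from the default and should be reviewed.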

  7. #7
    Join Date
    Mar 2009
    Posts
    1,588

    Re: Cannot remove Trojan:Win32/oficla.E

    Thomas321, thank you for your valuable information; you have mentioned the working of this Trojan win32/oficla-E. Can you please tell me some methods to protect my system from such malicious effects? I have tried various software to remove it but it is really impossible. Please provide detailed information for prevention. Thank you in advance. Your effort will be appreciated.

  8. #8
    Join Date
    Apr 2008
    Posts
    4,088

    Re: Cannot remove Trojan:Win32/oficla.E

    You can perform the following steps to protect your system from such malicious programs:
    1] You can enable the firewall on your computer.
    2] Try to get the latest updates available for all your software.
    3] Make sure that your anti-virus is up to date.
    4] When opening attachments and accepting file transfers, make sure that they are from a trusted party.
    5] Don't click on links on web pages when they are not related to your task.
    6] If possible, try to avoid downloading pirated software, because threats can also be bundled with it.
    7] Try to protect yourself from social engineering attacks to protect your system. Attackers can try to exploit vulnerabilities in software so that they can compromise a system.
    8] Use a strong password with a combination of small words, capital letters and numbers, because an attacker may try to access your account by guessing your account password.

  9. #9
    Join Date
    Mar 2009
    Posts
    1,588

    Re: Cannot remove Trojan:Win32/oficla.E

    Below are the steps to enable a firewall on your computer.
    You have two options: first, you can use a third-party firewall, and second, you can turn on the Microsoft Windows Internet Connection Firewall.
    Procedure to turn ON Windows Firewall in Vista:
    1. Go to Start menu and click Control Panel.
    2. Select Security.
    3. Select Turn Windows Firewall on or off.
    4. Select On and
    5. Finally click OK.
    Procedure to turn ON Windows Firewall in Windows XP:
    1. Go to Start menu and Select Control Panel.
    2. Select Network and Internet Connections. If not available then click Switch to Category View.
    3. Select Change Windows Firewall Settings.
    4. Select On and
    5. Finally Click OK to finish the setting.

  10. #10
    Join Date
    Jan 2008
    Posts
    3,755

    Re: Cannot remove Trojan:Win32/oficla.E

    Procedure to get the latest computer updates for Vista:
    The latest updates will help to protect your system from viruses, worms, and other threats as they are discovered. It is necessary to install updates for all the software installed on your system; this can be done from the vendor's site.
    Follow the steps below to turn on Automatic Updates in Windows Vista:
    1. Go to the Start menu and open Control Panel.
    2. Select System and Maintenance.
    3. Then select Windows Updates.
    4. Select the Install updates automatically setting as recommended by Microsoft and choose the time which is convenient for you to perform the update.
    Procedure to get the latest computer updates for Windows XP:
    1. Go to the Start menu and select Control Panel.
    2. Select System.
    3. Select Automatic Updates.
    4. Select the Automatic setting as recommended by Microsoft and choose the time which is convenient for you to perform the update.
