Removing Trojan generic24.cgol

Trojan generic24.cgol Removal, Information and Detection

This will no doubt be the main reason someone will be looking for information about Trojan horse generic24.cgol, so I will discuss this process first. Also read the rest of the article before proceeding; it should help you to understand the removal process better, including where to find infections which the AV software may not discover.

This guide to removing generic 24 Trojans is based on Trojan generic24.cgol, and describes the manual removal process required.

More information about Generic24.cgol Trojan

Some more information about this Trojan and the Generic family of Trojan horses is provided at the end of the article:

  • Early Warning Signs
  • Known Information (some may still be speculative at the time of writing. I can only confirm the information from my own experience with this virus.)
  • Detection of Trojan generic24.cgol
  • Infected Master Boot Record
  • FakeAV (Fake Anti Virus Software)

Removal of Trojan generic24.cgol:

This removal process is based on an infection in the Firefox browser; it is the process I used to successfully remove Trojan generic24.cgol from my own computer.

An effort has been made to present the removal of generic24.cgol from a broader perspective; following the steps presented should assist in removal from other infected programs. The information should also provide usable guidelines for removing other variants of Trojan generic 24.

  • Update your AV software!
  • The anti-virus scan must be run in SAFE MODE (repeatedly press F8 on start-up until the start-up options screen displays)
  • System Restore must be turned OFF
  • All scanning options in your AV scanner must be selected
  • A full scan is required – quick scans will most likely not detect the virus
  • At present, full removal requires manual intervention. Any application where the virus is found must be completely removed from the PC, all settings folders deleted, and all references to the application deleted from Windows Registry.
  • When the scan is completed, proceed to the next step offered by your AV application (move to virus vault, quarantine and delete are some of the possible options). Complete all required steps. Usually, if the scan is done in SAFE MODE, the AV app will be able to quarantine or delete the infected file. Note: Trojan and virus files cannot be ‘healed’ or repaired – only other damaged or infected files can be healed.
  • Once the AV scan has found a Trojan generic24 infection, make a note of where the Trojan horse was located and the name of the file or files found.
  • Uninstall any infected applications e.g. Mozilla Firefox using Windows Add or Remove Programs
  • Locate the settings folder - usually C:\documents and settings\username\application data\application name e.g. Mozilla
  • Delete this folder and all sub-folders!
  • A second full scan should be run after these steps are completed and any further infections removed as in the previous steps.

Edit the Registry

Open Windows Registry

  • From the Start Menu select Run. Type ‘regedit’ into the Run window.
  • Navigate to:
    • HKEY_CURRENT_USER\Software\Mozilla\ - DELETE ALL ENTRIES including sub-folders
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ (be careful here – an error can cause damage to your Windows installation). Delete any reference to any of the files detected by the AV scan as malware.
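
The registry steps above can be rehearsed as a dry run before anything is deleted. The following PowerShell script is an added example, not part of the original guide; the file names in $Detected are constructed placeholders to be replaced with the names your AV scan reported, and the Mozilla paths follow the guide's Firefox example.

```powershell
# Added example: review the registry locations named in this guide before
# deleting anything. Run as the affected user (HKCU is per-user).

# Constructed placeholders - replace with the file names your AV scan reported.
$Detected = @('example-detected-file.exe', 'example-detected-file.dll')

$RunPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$Backup  = Join-Path $env:TEMP ('HKCU-Run-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# 1. Back up the Run key so a mistaken deletion can be undone by importing the .reg file.
& reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' $Backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup of the Run key failed; nothing was changed.' }
Write-Output "Run key backed up to $Backup"

# 2. List every autostart value and flag those whose command line names a detected file.
$key = Get-Item -Path $RunPath
$flagged = @()
foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)
    $hit = $false
    foreach ($file in $Detected) {
        # Plain case-insensitive substring match; no wildcard or regex interpretation.
        if ($command.IndexOf($file, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) { $hit = $true }
    }
    if ($hit) { $flagged += $name }
    Write-Output ('{0,-9} {1} = {2}' -f $(if ($hit) { 'DETECTED' } else { 'ok' }), $name, $command)
}

# 3. Dry run: -WhatIf prints what would be deleted without deleting it.
#    Remove -WhatIf only after checking each flagged entry against the AV report.
#    An unnamed (default) value is reported in step 2 but skipped here.
foreach ($name in ($flagged | Where-Object { $_ })) {
    Remove-ItemProperty -Path $RunPath -Name $name -WhatIf
}

# 4. Confirm the uninstalled application's leftovers are gone (Mozilla is the guide's example).
foreach ($leftover in 'HKCU:\Software\Mozilla', (Join-Path $env:APPDATA 'Mozilla')) {
    if (Test-Path $leftover) {
        Write-Output "Still present: $leftover"
    } else {
        Write-Output "Removed:       $leftover"
    }
}
```

If an entry is deleted by mistake, double-clicking the exported .reg file restores the Run key as it was at backup time.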

Once all these steps are complete, reboot in normal mode, and SCAN AGAIN! Yes, this may sound like overkill, and it does take time, but a little extra time spent now can save a lot of time later on.

Re-install any applications that were deleted, from the original disk or a fresh Internet installation.

UPDATE Windows, especially Windows Security updates

Early Warning Signs of Generic 24 Trojan Infection

Early warning signs to watch out for include:

  • Internet browser crashes unexpectedly
  • Error messages when changing web passwords
  • Browser responds slowly
  • System is suddenly slower than normal
  • Internet connection is lost
  • Internet connection is actively sending or receiving data, although you are not actively using the net.
  • Windows crashes for no reason

Any of these are common signs of an active virus or Trojan; Trojan horse generic24.cgol is no exception.

Update your AV software and scan immediately.

General Information about Trojan generic24 group viruses

Trojan horse generic24.cgol (AVG Anti Virus discovery name) is one of a group of Trojans known as Trojan horse generic 24 (or Trojan generic24) with numerous differing extension names. Trojan horse generic24.cgol is particularly dangerous because it does not need human interaction to install itself; once a link to a web page containing the Trojan has been clicked, Trojan horse generic24.cgol installs. From this behavior it may be more appropriate to classify Trojan horse generic24.cgol as a virus.

Some of the generic24 group are considered rootkits, or, perhaps more accurately, they download rootkit viruses. (Rootkits infect the part of the hard drive known as the Master Boot Record or MBR.)

Many of the Trojan generic24 group install keystroke loggers (which send information about the key sequences you use to enter passwords and other confidential information to the hacker).

Methods of infection:

  • Infected e-mails linking to infected website or containing the virus
  • Malicious Websites
  • Speculation exists that FakeAV – Fake Anti Virus Software (see footnotes) may be another source of Trojan horse generic24.cgol

How it works:

Once the Trojan horse generic24.cgol infects a Windows PC, it becomes active and downloads further malware from the Internet.

Known types of virus called by Trojan horse generic24.cgol

  • Linux/Unix database blocking virus (At least 1 known instance) which adds blocking code to database tables
  • Password blocking

Suspected Activities (speculation at time of writing)

  • Keystroke logging
  • Trojan generic 24.cgol possibly corrupts 'cookies' set by websites.

Known programs infected by Trojan Generic 24.cgol

  • Firefox (versions before 6.0.2). I cannot confirm that the latest version of Firefox is not infected, so I urge caution.
  • There is a possibility other browsers as well as other applications may be infected.

Detection of Trojan generic24.cgol:

AVG 2011 will detect trojan generic24 during a full system scan. (All scanning options must be turned on). This may be the first indication a computer has been infected by the generic 24 Trojan.

Anti-virus software (as at 22/09/2011) does not stop initial infection. AVG has released 2 updates since then, including today's (24/09) LinkScanner database update. Hopefully these updates contain the virus patterns to allow AVG to discover Trojan generic 24 before it is able to infect a PC.

Other AV software may detect it provided heuristic scanning and all other options are enabled (there have been reports posted on tech forums that some other apps do not detect it).

Damage caused.

This is KNOWN damage at the time of writing; there may well be other forms of damage caused by Trojan generic24.cgol, especially if it is not removed immediately.

  • It infects Firefox and other browsers
  • It will try to block password changes on website accounts which can result in the user being locked out of their account
  • It damages MySQL databases
  • It has locked users out of web site administration pages, and has crashed 1 known Drupal 7 web site

Speculation on further damage caused by the .cgol variant of Generic 24 Trojan

Trojan horse generic24.cgol may also infect and damage executable files including Windows files and applications (or install other viruses that will).

Trojan horse generic24.cgol may install a virus that infects and corrupts the Master Boot Record (MBR)

Original Source of Trojan generic24.cgol

Unknown at this time, possibly Asian sub-continent. The earliest incident of Trojan horse generic24.cgol I have been able to find was reported from Berlin, Germany on 16 September 2011 (See the report) - also a FireFox browser infection. It is highly possible there were earlier incidences, which may not yet have been discovered.

Master Boot Record (MBR) Damage. (Unconfirmed at time of writing)

Trojan horse generic24.cgol may result in an infected or corrupted Master Boot Record.

Repairing a damaged MBR is beyond the scope of this article. Non-technical persons should discuss the problem with a PC technician.

Repairing the Master Boot Record (MBR) can, if not correctly done, result in a corrupted hard drive, which may require data recovery to get back lost data.

If the Trojan horse generic24 has installed other viruses which may be even more damaging, and especially if the MBR has been infected or damaged, it may be easier (especially for non-technical PC users) and safer to do a complete system re-installation on a clean hard drive.

Saving existing data:

Provided the virus is stopped before it does too much harm, existing data should be saveable. Viruses such as this are a good reason why data should be backed up regularly.

ONLY AFTER the scanning steps mentioned, back up documents to a clean external hard drive or other backup device. Make sure to only copy or back up documents, images and so on – do not back up or copy application settings!

Do not use the Windows 'transfer documents and settings' tool – any un-cleaned infection could be transferred to the new installation.

FakeAV:

Fake anti-virus software is a common method of distributing viruses. Websites offer a free anti-virus scan. The scan claims to detect a virus, and the PC user is asked to purchase the application to remove the virus. Often these free scans download one or more viruses or Trojans, and are the cause of an infection.

Never use any AV scanner offered from an unknown website, or from a link contained in any e-mail. All the reputable anti-virus and Internet security software vendors, e.g. Trend Micro, AVG, Symantec (Norton), McAfee, Kaspersky, Malwarebytes and others, have free versions of their software (which can normally be used for 30 days) which provide the same level of protection as the paid-for version. Some of these vendors also provide high quality free online scanning tools; HouseCall from Trend Micro is one of these.

Author: Mike Otgaar

Updated: 2012-04-23