The HEUR:trojan.win32.generic is a nasty virus that is typically accompanied by a root-kit that can cause you to loose everything on your hard drive. Kaspersky is not capable of removing this virus so instead you need to download and run Avast to get the job done. Follow the directions below to remove this trojan virus and any others that accompany it.
- Download and Install Avast: Visit the Avast web site http://www.avast.com and download the Professional addition that will give you a 60 day trial. Once downloaded run through the installer.
- Disable System Restore: Right click “My Computer” and select properties from the drop down menu. Click on the “System Restore” tab and check the “Turn Off System Restore”. Click the Apply button at the bottom of the configuration window followed by the OK button.
- Reboot Into Safe Mode: Reboot your PC into Safe Mode. If you are running Windows XP click the F8 key after the bios splash screen to enter the boot menu and then select “Safe Mode” from the menu options.
- Scan Local Drives: Scan all of the local drives with Avast and set the files to be deleted. It may display a message that the files will need to be deleted during reboot which is fine. Set Avast to scan on the next boot.
- Scan Again: During reboot Avast will take over and scan the system again. You will be required to select an option for what to do with the files. I recommend deleting the files.
- Boot Computer:Now boot up and run Avast protection to verify that all of the trojans have been removed. If they have not Avast will recommend that another scan be run during the boot process so if that is the case go ahead and follow those directions.
- Turn On System Restore: Once things are back to normal make sure to turn System Restore back on.
Now do a check of your system to make sure there were not any valuable files infected by the HEUR.trojan.win32.generic virus or any of the Root-Kits that were installed.
I must say, I could not agree with you in 100%, but that’s just my opinion, which could be very wrong.
p.s. You have an awesome template . Where did you find it?
Hello floor jacks,
Agree with which part? If something I posted above is incorrect please let me know.
The WordPress template is Mandigo by onehertz. The guy Tom who created it is a great guy and actively updates it.
do I need Avast professional to remove the virus, or can i do it with the regular free version? -thanks
Hello.
I think it will work with the free version however the person I removed this for wanted the professional version so that is the only way I have tested it. The professional version comes with a 60 day trial and the main thing will be to get the virus off of your computer. You could uninstall and use Avast free afterwards.
Hope that helps.
thanks
Kaspersky is the best Anti-Virus program i have ever used. it is way better than Mc Affe and Norton Antivirus.
Hello detoxtech,
I could not agree more. Both Mcafee and Norton completely hog the resources on your computer. I personally don’t use either of those but I also don’t use Kaspersky. I ended up writing this article because a client of mine had the above mentioned virus and Kaspersky was unable to remove it though Avast was. Just to be clear though I personally recommend Kaspersky to clients that require anti-virus because it is so much less bloated than the big guys such as Norton and Mcafee.
Thanks for bringing up the topic as I should have mentioned in my article that I have nothing against Kaspersky and this was one of the rare instances where Kaspersky was unable to get the job done.
Thanks.
alex
We just bought a new computer 2 days ago and I was installing Kaspersky this evening when I noticed that I had this nasty virus. I can’t believe it! I noticed that on my C: drive there was now a subfolder called Program Files (x86) which turned out to be the virus. Kaspersky quarantined it, but I am just wondering if I should just return the computer. It being brand new I just don’t want to have any long term problems. Your comments are greatly appreciated. Thanks.
Hello Nicky,
I would assume that Kaspersky is not returning the proper results but if you just bought the computer and you are having that many issues I would definitely consider returning it.
The “Program Files (x86)” is typically a legit folder on newer versions of Windows.
Thanks.
alex
Kaspersky is a bad investment.It does not remove anything
Hello Charles,
I typically have had decent luck with Kaspersky however in this case, with the HEUR:trojan.win32.generic virus I would agree that Kaspersky was didn’t do the job it was supposed to do for the cost of the software. Thanks for taking the time to leave feedback.
Thanks.
alex
Heur.Trojan.win32 is not an actual type of Trojan. Heur stands for heuristics, the warning you see is telling you that some program is behaving like a trojan according to Kaspersky’s heuristics engine, but Kaspersky doesn’t have an actual signature for it.
Recommending that users switch to Avast over Kaspersky won’t necessarily solve the problem because many different trojans will fall under this category.
Hello David,
I wasn’t aware of that so thanks for pointing this out. In my case it was an actual virus that Avast was able to remove when Kaspersky wasn’t. The article still is valid in the sense that if Kaspersky doesn’t locate what the specific virus is you could always give Avast a shot. I personally am not a fan of either of these virus scanners but attempting to try another one makes sense if the first virus scanner will not remove a virus.
Regardless though I really appreciate the feedback and information relating to the explanation of Heur.Trojan.Win32. If I run into this in the future it will give me more information to locate the actual name of the virus and find the software that does remove it.
Thanks.
alex
does the kasper 2010 , neutralize this torjan , i mean it couldnt do that in 2009 version , so can the new version clean my computer of this virus or not ?
thank you
Hello Tala,
Not sure to tell you the truth. I rarely see Kaspersky any longer and have yet to see the 2010 version. I suggest using the steps in the article above.
Thanks.
alex
I have just had a problem with Heur.Trojan.Win32 on my computer and Kaspersky 2010 seems to have removed it ok.
Hello Tom,
Great. Thanks so much for taking the time to leave feedback so others who use Kaspersky 2010 will know that it should remove the Heur.Trojan.Win32 virus.
For anyone reading this make sure you update Kaspersky to the latest virus definitions before removing.
Thanks.
alex
Don’t believe so fast for what Tom had said. Because i had KIS 2010 installed in my computer 3 months ago and yet the KIS 2010 only quarantined that nasty Heur.Trojan.Win32.Generic which has been infecting my computer for 3 days until now. It didn’t remove or disinfect that virus, only quarantine. And i always keep updating the KIS 2010 to its latest updates on June 14th 2010. But still…
I am getting nervous now since i noticed that virus keeps increasing, and that i’ve realized KIS 2010 is not that reliable.
So what to do now? Give me some advice pleaseeee……
Hello Blader,
Thanks for the information regarding Kaspersky 2010. Try Windows Defender and/or Avast.
Thanks.
alex
Alex, you are alive! That was a very fast reply. I will give it a try, but i haven’t had experience to have 2 or 3 Anti Virus installed in my computer. Hope they don’t crash. Thank You…
Hello Blader,
I would disable or uninstall Kaspersky if it is not doing the job you expect it to. Plus Windows Defender/Microsoft Security Essentials is all free.
Thanks.
alex
By the way, what are the risks or harms Heur.Trojan.win32.Generic virus and other virus can bring to my computer if i only have KIS 2010 KEEP QUARANTINE IT IN MY COMPUTER for unknown period of time or untill Kaspersky Lab have found a method to get rid of any QUARANTINE VIRUS??
Hello Blader,
If something is quarantined it should be fine though removing it is optimal.
Thanks.
alex
Hey, I just perused the Karpersky website and they do have an answer to the removal of this virus, They want a submission of the screen that has the detection of the virus on it. Then they write you a script which you must run and produce a log which you re-submit back to them. Then you run ANOTHER scripgt to delete severl lines of code. Then rerun the scan. Then perhaps it may be gone,
THIS IS RIDICULOUS! This is worse than a regedit. Why buy the program? Maybe I’d be better off buyong AVAST in the first place. Yet you emphatically recommend Karpz. Seems to me I gotta keep lookiong for a good, simple-to-use anti-virus program.
Hello Rick,
What do you think I am recommending? It definitely is not Kaspersky and it is definitely not paying for Avast. I would try Microsoft Security Essentials which includes Windows Defender and then if that doesn’t work I would try the free version of Avast. If both of those fail I would try ComboFix.
Thanks.
alex
Sorry. I must have mis-read something. Thanks for the suggestions. I’m at my wit’s end with this problem.
Hello Rick,
No problem at all. Just wanted to make sure I am clear. I suggest trying my suggestions above.
Thanks.
alex
I have been troubled for a week a everyday and hour of that too with this messy virus. Being on Kasperky 11 was hopeless; have had no response either having written twice to them. Even Avast failed to pick it up. Had to resort to combofix and that settled the matter once an dfor all after a few frights. Thanks a heap.
Hello Vic,
Sorry to hear about your troubles. Thanks for taking the time to note how you were able to resolve the issue.
Thanks.
alex
Советую всем попробовать Ricing Anti-Virus (он у меня стоит с НОД32). Сегодня во время проверки он обнаружил два файла с trojan.win32.generic и один бэкдоор (вирус который в обход брандмауэра дает управление хакеру), после чего их удалил.
Hello Тлек,
Thanks for the suggestion. I have yet to use Ricing Antivirus so I can neither confirm or deny its effectiveness. Also anyone wanting to try Ricing be aware that it costs $20 for a single user license.
Thanks.
alex
i can’t find “Turn Off System Restore”. on my computer. (Win7) there is “turn off system protection”. is it the same. i’m afraid to completely ruin everything
Hello wanderer,
It is the same in Windows 7. You can actually enable/disable system restore (or system protection) on a per disk basis in Windows 7. The below directions will allow you to disable system restore in Windows 7.
1. Right click My Computer and select Properties
2. Click System Protection in the left navigation menu (this will pop up a new window)
3. Highlight each drive one at a time and click the Configure button (this will pop up a new window)
4. Click the radio button next to “Turn off system protection”
5. Click the Apply button followed by the OK button to save the settings
6. Repeat for each disk that has System Protection (System Restore)
Hope that helps.
Thanks.
alex
thank you alex
I did all the recommended by you steps, but avast didn’t find any threats. (even though kaspersky found this trojan before and couldn’t do anything about it) does it mean my computer is cured? can it be? windows can update now at least, which it wasn’t able to do during last week.
Hello wandere,
You might try Microsoft Security Essentials or Malwarebytes to see if that resolves the issue. I cannot say one way or the other if the virus has been removed or not without being in front of the computer and analyzing it myself.
Thanks.
alex
Deletted virus HEUR:Trojan.win32.Generic with Kaspersky 2010 located in c:….AppData\Local\Temp\sv4.exe . This shit put my procesor PhenomII x6 cores at 100% full work, first step turn off ur Pc and then internet conexion coz this virus redirect you to more virus and crap like that, then restard Pc and ur antivirus should clean this s*** easy like my lovely kaspersky do here ;D also this s*** redirect me to 47 new trojans before I turn off my pc and internet…
P.D Also I used “Your Uninstaler” program (like ccleaner but 10+ better) coz first times kaspersky restart my pc like 10 times to kill this s*** with “window error” cant work 32bit in 64bit bla bla etc Your uninstaler or ccleaner to clean cookies and temporal crap from internet and then kaspersky eat this s*** easy. Location in my pc -> c:\Users\MyName\AppData\Local\Temp\Sv4.exe -> dead.
Hello Chuck,
Okie dokie if you say so. :)
Thanks.
alex