Beware This Trojan Virus!!


Well-known member
  • Dec 10, 2008
    Last night I found a serious problem with my computer.
    It's a very harmful Trojan virus. I don't know whether anyone else has suffered from this, but I finally found the solution.
    Please read carefully and collect the information.

    First, when you boot the computer you cannot see anything, just a blank screen, and you can see a little dialog box labelled "win32 guided tour application". You should click it and it opens a dialog box like this.

    When it appears, and before, you can't even use Task Manager. :(:(:(
    It says things like this:

    "1. call one of the following numbers
    for landline phones

    2. wait for the answer and write down your identification key
    3.enter the identification key received by phone, click next to continue"

    Don't do anything.
    If you need to boot your machine, use this number: 27496

    But this Fu*king virus is still alive on our machine :growl::growl::growl:

    Here are the steps we should take after getting this problem:

    Trojan.Ransomware removal instructions:

    1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode.

    2. When Windows loads, the Windows command prompt will show up as shown in the image below. At the command prompt, type "explorer", and press Enter. Windows Explorer opens.

    3. Then open the Registry editor using the same Windows command prompt. Type "regedit" and press Enter. The Registry Editor opens.

    4. Locate the following registry entries:

    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

    In the right-hand pane select the registry key named Shell. Right click on this registry key and choose "Modify".
    Default value is Explorer.exe.
    Modified value data points to Trojan.Ransomware executable file.

    If Trojan.Ransomware modified the Shell value data, please copy the location of the executable file it points to into Notepad and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.

    If the default value data (Explorer.exe) wasn't modified, please locate the second registry entry:


    In the righthand pane select the randomly named registry key. In our case it was 22997148.
    Copy the location of the executable file into Notepad and then delete the registry key. Right click on the registry key and choose Delete. Click Yes to confirm and exit the Registry editor.

    5. Delete Trojan.Ransomware files. Use the file location you saved into Notepad or otherwise noted in step 4. In our case, Trojan.Ransomware resided in %UserProfile% directory. There was a randomly named folder 22997148.

    Full path: C:\Documents and Settings\Michael\22997148\22997148.EXE

    NOTE: %UserProfile% refers to:
    C:\Documents and Settings\[UserName] (for Windows 2000/XP)
    C:\Users\[UserName]\ (for Windows Vista & Windows 7)

    6. Go back into "Normal Mode". Download free anti-malware software from the list below and run a full system scan.

    Here it

    That's it... If not, we have no other solution. Just use the above number to open the system, get the data you need and format your machine. :(:(

    Thanks for reading this. (This post is not for rep, just only to solve your problems.)

    If not really understand
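
Added example, not part of the original post: a read-only PowerShell check of the Winlogon Shell value from step 4, listing anything other than Explorer.exe and saving it to a text file in place of the Notepad step. It assumes PowerShell is available on the machine; the function name and the output file name are hypothetical.

```powershell
# Added example (not from the original post). Read-only: it reports the
# Winlogon Shell value from step 4 and changes nothing in the registry.
$WinlogonKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$DefaultShell = 'explorer.exe'

function Get-UnexpectedShellEntry {
    # Hypothetical helper: returns every entry in a Shell value that is not
    # the default shell. The value can hold several comma-separated commands,
    # so each one is checked on its own.
    param([string]$ShellValue)

    foreach ($entry in ($ShellValue -split ',')) {
        $command = $entry.Trim().Trim('"')
        if ($command -eq '') { continue }

        # Accept only the bare name or the copy in the Windows directory.
        # A file called explorer.exe anywhere else is still reported.
        $isDefault = ($command -eq $DefaultShell) -or
                     ($command -eq (Join-Path $env:SystemRoot $DefaultShell))
        if (-not $isDefault) { $command }
    }
}

$shell      = (Get-ItemProperty -Path $WinlogonKey -Name Shell).Shell
$unexpected = @(Get-UnexpectedShellEntry -ShellValue $shell)

if ($unexpected.Count -eq 0) {
    Write-Output "Shell is '$shell' (default). Nothing to change in this key."
} else {
    Write-Output "Shell is '$shell'. Entries other than ${DefaultShell}:"
    foreach ($command in $unexpected) {
        # Expand variables such as %UserProfile% before testing the path.
        # An entry that carries arguments will show as not present.
        $path   = [Environment]::ExpandEnvironmentVariables($command)
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        Write-Output ("  {0}  (file present: {1})" -f $path, $exists)
    }

    # Hypothetical output file: keeps the locations for step 5.
    $unexpected | Set-Content -Path (Join-Path $env:TEMP 'winlogon-shell-findings.txt')
}
```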



    Well-known member
  • Jul 20, 2006
    A lot of harmful adware-type programs like that come from things such as links we click without knowing or software we install. Thank you very much for informing everyone. It may sometimes be possible to remove it with software called Combofix.