How to remove Trojan.Prinimalka from Your Computer

Posted in Blog, Trojan on November 3rd, 2012

Trojan.Prinimalka is a member of the Gozi Trojan family, which is designed to collect sensitive data, especially online accounts, and send it to the server. The Trojan is hard to remove because the hackers release updates regularly to prevent it from being detected or removed by a security program. When Trojan.Prinimalka invades a computer, it also corrupts the security system, including the firewall and antivirus software. As a result, the compromised computer is easily infected by other kinds of threats, such as browser hijackers and adware like the Tazinga virus. If you find you cannot log in to an online account, it must have been stolen by a third party that the hackers sell your data to. You can even suffer financial loss due to the infection. You should remove Trojan.Prinimalka as soon as you notice it.

How to remove Trojan.Prinimalka manually
The Trojan creates lots of malicious files and registry entries on a compromised computer, so it takes a long time to delete them completely. Luckily, we have the list of files and registry entries that Trojan.Prinimalka drops, so you just have to find them.

1. Delete the following files

%UserProfile%\govXXXX.exe – the ‘X’s are random lowercase letters
%UserProfile%\govold.exe
%UserProfile%\govtemp1.exe
%UserProfile%\govcookies.txt
%CD%\govcookies.dat

2. Remove the Trojan.Prinimalka registry entries via Registry Editor

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govbalance”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govcontrol_crc”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govid”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_certs”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_command”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_file”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_forms”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_idproject”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_options”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_pauseopt”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_pstorage”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_reserv”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_server1”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_ss”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govoptions”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govShell”
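
A read-only way to check for the files and Run values listed in steps 1 and 2, as an added PowerShell example that is not part of the original post. The function and variable names are hypothetical; the script only reports matches and deletes nothing, and it does not look for %CD%\govcookies.dat because the Trojan's working directory is not known.

```powershell
# Added example: report-only check for the artifacts listed on this page.
# Nothing is deleted; review the output before removing anything.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Value names copied from the registry list in step 2.
$runValueNames = @(
    'govbalance', 'govcontrol_crc', 'govid', 'govopt_certs', 'govopt_command',
    'govopt_file', 'govopt_forms', 'govopt_idproject', 'govopt_options',
    'govopt_pauseopt', 'govopt_pstorage', 'govopt_reserv', 'govopt_server1',
    'govopt_ss', 'govoptions', 'govShell'
)

# Fixed file names from step 1, plus govXXXX.exe where the X's are
# random lowercase letters (hence the case-sensitive -cmatch below).
$fixedFileNames    = @('govold.exe', 'govtemp1.exe', 'govcookies.txt')
$randomNamePattern = '^gov[a-z]{4}\.exe$'

function Get-PrinimalkaRunValues {
    # Hypothetical helper: lists Run values whose names are on the page's list.
    $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        if ($runValueNames -contains $name) {
            [pscustomobject]@{
                Type = 'RunValue'; Name = $name; Detail = [string]$key.GetValue($name)
            }
        }
    }
}

function Get-PrinimalkaFiles {
    # Hypothetical helper: lists matching files directly under %UserProfile%,
    # including hidden ones (-Force).
    Get-ChildItem -LiteralPath $env:USERPROFILE -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $fixedFileNames -contains $_.Name -or $_.Name -cmatch $randomNamePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Type = 'File'; Name = $_.Name
                Detail = '{0}  modified {1:u}' -f $_.FullName, $_.LastWriteTime
            }
        }
}

$findings = @(Get-PrinimalkaRunValues) + @(Get-PrinimalkaFiles)
if ($findings.Count -eq 0) {
    'No listed Trojan.Prinimalka artifacts found for this user.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it in a PowerShell session of the affected user, since both HKEY_CURRENT_USER and %UserProfile% are per-user locations. A file that matches only the govXXXX.exe pattern can be an unrelated program, so check its path and date before deleting it.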

Recommended way to remove Trojan.Prinimalka
Are you unable to delete the Trojan manually? Is manual removal hard for you? Here is another way to wipe out the infection, but you need to equip your computer with a program first. The program you need to install is an advanced virus removal program that can detect and remove Trojan.Prinimalka completely. The whole scan may take a long time, but once the scan completes, the removal job will take just a second. Do you want to use such an effective Trojan.Prinimalka removal tool? Spyware Cease is highly recommended.