Tuesday, July 19, 2011

Removing virus TRAPI32.exe / TRAPI.exe (AIDEX RunTime)

Not sure how this got onto my system, but if you find yourself with a TRAPI32.exe running in the background under the SYSTEM classification, you may be at rough ends trying to use antivirus to clean it up.

I highly recommend that if you don't already have ZoneAlarm (free version) that you get it. I had ZoneAlarm running during the incubation of this virus. Trapi32.exe will make repeated calls to a Ukranian IP address, so if you don't have some sort of network firewall, you might be at a higher risk to suffer damages from this.

The fix is simpler than you think; no antivirus needed. Ending the task won't kill it because it will just come back. Same with "api-ms-win-core-io-l1-1-032.exe" which seems to have come with the virus.

 Heres how you get rid of it:

  1. Navigate to the folder it is in (Mine was C:\Windows\SysWOW64\trapi.exe
  2. Right click on the exe file. Select "Properties"
  3. Navigate to the Security tab. Now, under "Group or usernames:" select "SYSTEM"
  4. Select the "Edit..." button, and click a "Deny" permission. It should mark all under Deny. Accept, and close out (return to the file in windows explorer.)
  5. Select trapi32.exe in Task Manager and kill it. It shouldn't come back.
  6. Delete the exe file trapi.exe. 
  7. Done!
  8. Do the same for the api-ms-win-core-io-l1-1-032.exe file as well. I think it was under C:\ProgramData\ 
dll runtime files exe libraries how to fix a virus online virus free online what is runtime jucheck.exe
aidex runtime virus msiexec.exe GhostObjGAFix aidex.exe malwarebytes Vista service package 2 Windows 7


Post a Comment