G
Guest
How to remove this virus?
Please help
Thank you all guys
Please help
Thank you all guys
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
P.J. said:How to remove this virus?
Please help
Thank you all guys
You did not provide more info about your Operating system version, what
anti-virus and Firewall you have installed. Yes this Path is definitely a
suspicious to me.
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
G
Guest
My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc Afee
when i was scan using of this anti virus there is a message prompt to me
"trojan virus spayware".
Please help me because now my system getting worse running too much slow
when i was scan using of this anti virus there is a message prompt to me
"trojan virus spayware".
Please help me because now my system getting worse running too much slow
nass said:P.J. said:How to remove this virus?
Please help
Thank you all guys
You did not provide more info about your Operating system version, what
anti-virus and Firewall you have installed. Yes this Path is definitely a
suspicious to me.
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
J
Jim
Can't McAfee remove it?P.J. said:My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc
Afee
when i was scan using of this anti virus there is a message prompt to me
"trojan virus spayware".
Please help me because now my system getting worse running too much slow
Did you follow the steps given by another poster?
Jim
nass said:P.J. said:How to remove this virus?
Please help
Thank you all guys
You did not provide more info about your Operating system version, what
anti-virus and Firewall you have installed. Yes this Path is definitely a
suspicious to me.
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
G
Guest
Hi,
I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!
Thanks,
FM
I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!
Thanks,
FM
Jim said:Can't McAfee remove it?P.J. said:My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc
Afee
when i was scan using of this anti virus there is a message prompt to me
"trojan virus spayware".
Please help me because now my system getting worse running too much slow
Did you follow the steps given by another poster?
Jimnass said::
How to remove this virus?
Please help
Thank you all guys
You did not provide more info about your Operating system version, what
anti-virus and Firewall you have installed. Yes this Path is definitely a
suspicious to me.
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
G
Guest
1) In Windows Explorer, record modified date/time of the bogus lsass.exe
2) Rename it by adding zzx_ prefix.
3) Get Internet Explorer to delete all temporary files and downloaded
program files.
4) Reboot.
If the bogus lsass.exe re-appears, continue:
5) Rename it again
6) In Explorer, search C:\ for all files modified on the date you recorded
in (1) above. Sort into time order and rename all files of the same size as
bogus lsass.exe modified within 2 minutes of the time you recorded.
7) Record paths of all other files modified in this time window - they are
suspects.
8) Reboot with no network connection.
9) If the bogus lsass.exe does not appear, the only other thing to guard
against is an intruder program that calls home to download the files you
renamed.
10) Plug into the network, and if you don't have a software firewall which
alerts on outgoing traffic, install one - e.g. free version of Zone Alarm.
11) Make sure the infection has not already re-appeared, and reboot again.
12) Zone alarm should alert you if one of the suspects tries to call home.
Re-name it.
13) If you want to, delete the renamed files.
--
HTH
Newell White
2) Rename it by adding zzx_ prefix.
3) Get Internet Explorer to delete all temporary files and downloaded
program files.
4) Reboot.
If the bogus lsass.exe re-appears, continue:
5) Rename it again
6) In Explorer, search C:\ for all files modified on the date you recorded
in (1) above. Sort into time order and rename all files of the same size as
bogus lsass.exe modified within 2 minutes of the time you recorded.
7) Record paths of all other files modified in this time window - they are
suspects.
8) Reboot with no network connection.
9) If the bogus lsass.exe does not appear, the only other thing to guard
against is an intruder program that calls home to download the files you
renamed.
10) Plug into the network, and if you don't have a software firewall which
alerts on outgoing traffic, install one - e.g. free version of Zone Alarm.
11) Make sure the infection has not already re-appeared, and reboot again.
12) Zone alarm should alert you if one of the suspects tries to call home.
Re-name it.
13) If you want to, delete the renamed files.
--
HTH
Newell White
London Trader said:Hi,
I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!
Thanks,
FM
Jim said:Can't McAfee remove it?P.J. said:My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc
Afee
when i was scan using of this anti virus there is a message prompt to me
"trojan virus spayware".
Please help me because now my system getting worse running too much slow
Did you follow the steps given by another poster?
Jim:
:
How to remove this virus?
Please help
Thank you all guys
You did not provide more info about your Operating system version, what
anti-virus and Firewall you have installed. Yes this Path is definitely a
suspicious to me.
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
J
Jim
I don't have this problem. Perhaps a running program cannot be deleted.London Trader said:Hi,
I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!
Thanks,
FM
If so, then I would boot my BartPE from the CD. BartPE can surely delete
anything.
Or, I would try Knoppix. It ignores XP permissions hence it can delete
anything.
Or, perhaps the repair console can do the job.
Another poster has suggested yet another way.
Jim
Jim said:Can't McAfee remove it?P.J. said:My buddy is Dell Inspron 6500, running with Home XP. My anti virus is
Mc
Afee
when i was scan using of this anti virus there is a message prompt to
me
"trojan virus spayware".
Please help me because now my system getting worse running too much
slow
Did you follow the steps given by another poster?
Jim:
:
How to remove this virus?
Please help
Thank you all guys
You did not provide more info about your Operating system version,
what
anti-virus and Firewall you have installed. Yes this Path is
definitely a
suspicious to me.
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing
Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this
box.
Then click on Programs Tab and click Manage Add-Ons and Disable all
non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline
scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
use.
It will help you to both identify and remove any hijackware/spyware.
Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
G
Guest
hi pj you can remove this virus with stinger or sasser patch
G
Guest
Thanks. What is stinger and sasser patch? on where i could find this or to
download?
download?
G
Guest
Thanks Newell,
Also, my task manager was disable even the RUN program doesn't appear (i try
to use the keyboard key short window+R still not running).. how to enable ?
Also, my task manager was disable even the RUN program doesn't appear (i try
to use the keyboard key short window+R still not running).. how to enable ?
Newell White said:1) In Windows Explorer, record modified date/time of the bogus lsass.exe
2) Rename it by adding zzx_ prefix.
3) Get Internet Explorer to delete all temporary files and downloaded
program files.
4) Reboot.
If the bogus lsass.exe re-appears, continue:
5) Rename it again
6) In Explorer, search C:\ for all files modified on the date you recorded
in (1) above. Sort into time order and rename all files of the same size as
bogus lsass.exe modified within 2 minutes of the time you recorded.
7) Record paths of all other files modified in this time window - they are
suspects.
8) Reboot with no network connection.
9) If the bogus lsass.exe does not appear, the only other thing to guard
against is an intruder program that calls home to download the files you
renamed.
10) Plug into the network, and if you don't have a software firewall which
alerts on outgoing traffic, install one - e.g. free version of Zone Alarm.
11) Make sure the infection has not already re-appeared, and reboot again.
12) Zone alarm should alert you if one of the suspects tries to call home.
Re-name it.
13) If you want to, delete the renamed files.
--
HTH
Newell White
London Trader said:Hi,
I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!
Thanks,
FM
Jim said:My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc
Afee
when i was scan using of this anti virus there is a message prompt to me
"trojan virus spayware".
Please help me because now my system getting worse running too much slow
Can't McAfee remove it?
Did you follow the steps given by another poster?
Jim
:
:
How to remove this virus?
Please help
Thank you all guys
You did not provide more info about your Operating system version, what
anti-virus and Firewall you have installed. Yes this Path is definitely a
suspicious to me.
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.