Help removing popup Trojan Nameshift

[Guest]

There is a trojan by the name of Trojan.startup.Nameshifter.EW on my
computer at work that pops up all day long. I just installed the newest
Microsoft Antispyware on there this week and that trojan had about 20,000
signatures...It took about 2 1/2 hrs for the scan to run and about the same
amount of time to finish, the previous person to use this computer did not
use virus protection etc..But, this one trojan causes popups all day long
trying to install and i'm not even connected to the internet when its trying
this...Any help at all would be greatly appreciated..Thank you, Sondra.....

 

[Guest]

Hi Sondra

Your best running scans in safe mode with Microsoft Antispyware on the
infected system as it sounds like its having problems in normal mode if it
detected that many signatures, Instructions for booting to safe mode are
below but Ive also added links for Ewido and SpySweeper incase the problems
continue, between them they will clear most of the junk thats infecting pc's,
Also Ccleaner would be usefull to remove all the temp files from the system
as alot of malware installers save into the temp folders. Try Microsoft
Antispyware in safe mode first but if you still have problems here's the
links to other recommended removers if they are needed.

SpySweeper

http://www.webroot.com/downloads/

(It's a 2 week Free trial):

Click the Free Trial link on the right - next to "SpySweeper for Home
Computers" to download the program.
Install it.
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, close SpySweeper for now.

The Ewido Security Suite

http://www.ewido.net/en/download/

(again its a 14 day free trial but it still works fine as a standard scanner
and remover after that expires, its just stops real time protection and auto
updates but the real time is not recommended if you have Microsoft
Antispyware's protection enabled and the updates can still be done manually
anytime you want)

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes close Ewido

Ccleaner

http://download.ccleaner.com/ccdownload.asp

Install Then close


Reboot to safe mode.

1) Restart your computer
2) After hearing your computer beep once during startup, but before the
Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

In Safe mode Run Ewido again. From the main menu click on 'scanner' then
click 'Complete System Scan' When ewido finds something, it will pop up a
notification. Select "Remove" and check the boxes "Perform action with all
infections" and "Create encrypted backup" then click on ok.When the scan
finishes, click on "Save Report" and save it to your desktop or c:/drive
incase you need it again.


Open SpySweeper again, click Sweep on the left side.

Click the Start button.

When it's done scanning, click the Next button.

Make sure everything has a check next to it, then click the Next button
again to remove anything thats detected.

Finally run Ccleaner and press Run Cleaner to remove temp and unused files
from your system

Reboot back to normal mode

Hopefully that will kill the Nameshifter infection but let us know if you
have any problems

All The Best

Andy

 

[Guest]

HI Andy,

I will try your suggestions, It's just so frustrating to go behind someone
who has messed up a computer...Would any of these Trojans have deleted IE,
I've got to reinstall that as well..sondra

 

[Guest]

Hey Sondra

I know what you mean, it is annoying having to clean up a heavily infected
pc especially if it was someone else who caused,

When you say you have to re-install IE do you mean you cannot access the
Internet at all on the infected pc or is it locked to a startpage which you
cannot change ? , Do you have an AntiVirus program Installed and what version
of Windows is it ? If its XP do you have Service Pack 2 installed ?. There is
plenty of options available to remove all the junk from the pc but the first
steps should be running scanners in safe mode to prevent having to remove
junk manually that can be removed by Anti-Virus or Antispyware programs, Each
Antispyware Vendor has different definition files so if the pc is badly
infected its worth running a few to take out as much as possible, If the
problems continue after that we can then use other tools to look at the pc in
more detail and make it clearer whats causing the problems.

For IE if you are getting alot of pop ups its likely there is a Internet
connection, If you can download programs on the infected pc then start with
the scanners and cleaners I post in the last reply and run them in safe mode
(Ewido, SpySweeper & Ccleaner) also try using Microsoft Antispyware in safe
mode as it will have a better chance of removing the Nameshifter problem,
Nameshifter really doesnt make it clear whats on your system as Microsoft
call alot of different malware by that name, When the Microsoft Antispy scan
is finished check where the Nameshifter file is, On the results page it
should give a path to the file if you click the plus (+) under the name, If
its in system volume information then it can easily be cleared but if it
still shows in scans after running the removers in safe mode then let us
know.

To repair IE you could try any of these methods, It really depends on if you
can access the Internet on the pc because if you can these may not be needed
also these are meant for XP so let me know if its a different version of
windows.

1.
If you have XP with Service Pack 1 then installing Service Pack 2 from
www.windowsupdate.com would repair the damage to IE but its not recommended
to do that untill the system is clean of all Infections.

2.
If you have a windows disk then you can check the protected system file
incase any are missing or damaged.
Enter the Windows disk into the CD-ROM drive.

From the Start menu, select Run.

In the Open field, type :

sfc /scannow

(Note: There is a space between sfc and /scannow)

Select the OK button.

Follow the prompts throughout the System File Checker process.

Reboot the computer when System File Checker completes.

3.
From the Start menu, select Search, select All Files and Folders.

Select More Advanced Options and place a checkmark beside Search Hidden
Files and Folders option.

Ensure that Search System Folders and Search Subfolders are also checked.

In the All or Part of the File Name box, type

ie.inf

In the Look In drop-down menu, select C: or the letter of the hard drive
that contains the Windows folder.

Click the Search button.

In the search results pane, find the ie.inf file located in Windows\Inf
folder.

Right click the ie.inf file and click Install on the context menu.

During the install it may show it requires certain files either for Service
Pack 2 or from the original XP disk , these files will be on the system in
different locations so you could use the search feature and browse to the
files then click ok on the install pop up or use the windows disk.

Reboot the computer when the file copy process is complete.

4.
Try Firefox

http://www.mozilla.com/

See if you can access the Internet through Firefox's browser.


Also check this page from Ramesh Srinivasan and see if these problems sound
similar to yours , If they are download and run IEFix from the same page and
follow the instructions given at the bottom of the screen.

http://windowsxp.mvps.org/IEFIX.htm

You probably don't need half the info' above but I wanted to provide a few
options to make things easier for you

If you havent got any Anti-Virus protection on the pc Id recommend using
CA's eTrust EZ Antivirus as it performs great and is free for Microsoft Users
for 12 months. Here's some of the main free Anti-Virus protection products.

AntiVir PersonalEdition Classic

http://www.free-av.com/


a-squared (a²) Free

http://www.emsisoft.com/en/software/free/


avast! 4 Home Edition

http://www.avast.com/eng/avast_4_home.html


AVG Free Edition

http://www.grisoft.com/doc/289/lng/us/tpl/tpl01


eTrust EZ Antivirus - 12 Month Trial Version (For Microsoft Customers)

http://www.my-etrust.com/microsoft/Default.aspx


F-Secure Anti-Virus 2006 - 6 Month Trial Version (For Microsoft Customers)

http://esd.element5.com/demoreg.html?productid=544842&languageid=1

Or again for Microsoft Customers: 50% Discount on F-Secure Anti-Virus or
Internet Security

http://www.f-secure.com/protectyourpc/


If you have any questions or problems either reply on here or email me and I
will be happy to help where I can as there is still alot of options open to
us after we have tried the basics ([email protected])

Good Luck

Andy