Windows cannot find ssttr.exe

[childofthe1980s]

Hello:

Just now, I fixed my brother in law's computer. He had downloaded a virus
about a month back and he was not able to get on certain web sites. Long
story short, I fixed that issue and and my nephews are very happy!

He does not seem to have any other problems except for one interesting item.
Every time the machine is rebooted and we login, we get the message "Windows
cannot find the file ssttr.exe in C:\WINDOWS\System32\ssttr.exe."

I deleted this file, as a web site stated that this is a "bad" file. But,
this message still comes up upon reboot.

It is not a huge problem and most worries seem to be gone. But, it would be
nice to get rid of this error.

I have run AdAware, Spybot, and even the new Windows Defender program that
Microsoft has. No success.

Any ideas?

childofthe1980s

 

[Gerry]

The file was part of the infestation. The redundant registry entry can
be safely removed using Autoruns (freeware).

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx

With Autoruns you can uncheck an item, which disables it from starting,
or you can can right click an item and then delete it. If you uncheck
you can recheck to re-enable the item. It is a much safer approach than
editing the Registry. Another useful feature of the programme is that
you can right click an item and select Search Online to get information
about the item selected.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[childofthe1980s]

Gerry:

That did it! Thank you, so much! You were very helpful!

childofthe1980s

 

[nass]

Yes, Autoruns is a great tool, but you removed the entry not the causer of
the entry, they (malware) like octopus with many testicles never end until
you cut the head off.

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
nass

 

[Gerry]

Nass

You are I think being overenthusiastic. This is an orphaned start up
entry left after the malware has been removed.

Read the original post.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Yes, Autoruns is a great tool, but you removed the entry not the
causer of the entry, they (malware) like octopus with many testicles
never end until you cut the head off.

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing
Option: [&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this
box. Then click on Programs Tab and click Manage Add-Ons and Disable
all non Verified Add-Ons (You should Renable them later one-by-one
and see the culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine (offline
scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)
is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware.
Post your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
nass
----
http://www.nasstec.co.uk

Gerry:

That did it! Thank you, so much! You were very helpful!

childofthe1980s

 

[nass]

Hi Gerry,
No I'm not Overenthusiastic, viral infection can change and we seen this in
the past, and every day the virus behaviour can change before and after the
AV scan.
Viruses can and will deceive or mock/cone the AV to avoid detection with
changing names and paths, also it create a script (not big some Bytes) to
resurrect itself on each boot up and gain control of the system.
Or the least it will leave an open port to come back in another shape!.
HTH
Sleep well don't have nightmares <just a joke no offence>
nass

Nass

You are I think being overenthusiastic. This is an orphaned start up
entry left after the malware has been removed.

Read the original post.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Yes, Autoruns is a great tool, but you removed the entry not the
causer of the entry, they (malware) like octopus with many testicles
never end until you cut the head off.

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete
cookies by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing
Option: [&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this
box. Then click on Programs Tab and click Manage Add-Ons and Disable
all non Verified Add-Ons (You should Renable them later one-by-one
and see the culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine (offline
scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)
is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware.
Post your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
nass
----
http://www.nasstec.co.uk

Gerry:

That did it! Thank you, so much! You were very helpful!

childofthe1980s

:


The file was part of the infestation. The redundant registry entry
can be safely removed using Autoruns (freeware).

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx

With Autoruns you can uncheck an item, which disables it from
starting, or you can can right click an item and then delete it. If
you uncheck you can recheck to re-enable the item. It is a much
safer approach than editing the Registry. Another useful feature of
the programme is that you can right click an item and select Search
Online to get information about the item selected.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

childofthe1980s wrote:
Hello:

Just now, I fixed my brother in law's computer. He had downloaded
a virus about a month back and he was not able to get on certain
web sites. Long story short, I fixed that issue and and my
nephews are very happy!

He does not seem to have any other problems except for one
interesting item. Every time the machine is rebooted and we login,
we get the message "Windows cannot find the file ssttr.exe in
C:\WINDOWS\System32\ssttr.exe."

I deleted this file, as a web site stated that this is a "bad"
file. But, this message still comes up upon reboot.

It is not a huge problem and most worries seem to be gone. But, it
would be nice to get rid of this error.

I have run AdAware, Spybot, and even the new Windows Defender
program that Microsoft has. No success.

Any ideas?

childofthe1980s

 

[mhc]

Yes, Autoruns is a great tool, but you removed the entry not the causer of
the entry, they (malware) like octopus with many testicles never end until
you cut the head off.

Freudian Slip or typo?

 

[nass]

Freudian Slip or typo?

entschuldigen beta was das?.

 

[Gerry]

Nass

Just admit you got the bends going too deep to check on your friend
Ollie.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[David B.]

"octopus with many testicles" LOL, bet the female octopi like him!

--

----
Crosspost, do not multipost http://www.blakjak.demon.co.uk/mul_crss.htm
How to ask a question http://support.microsoft.com/kb/555375
_________________________________________________________________________________

Yes, Autoruns is a great tool, but you removed the entry not the causer of
the entry, they (malware) like octopus with many testicles never end
until
you cut the head off.

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)
is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
nass
----
http://www.nasstec.co.uk

Gerry:

That did it! Thank you, so much! You were very helpful!

childofthe1980s

 

[nass]

Ok Gerry, Ollie got your message and we are going deep fishing lol

 

[nass]

Oh my Gush no body can make a Mistoks these days!.

I meant tentacles as in Cuttlefish but my mind been in deep down under ( in
the ocean), Yeah She like him to bits I guess!.. <G>

 

[David B.]

Sorry, didn't mean to rag on ya, just gave me a good laugh.

 

[nass]

No argo Dave I'm having a laugh too..

Sorry, didn't mean to rag on ya, just gave me a good laugh.