Need help removing Trojan.Startup.Nameshifter

Topic Starter:

It is my laptop I use for work. I'm being very careful as to what is being done and I am reviewing the steps being done in order to make sure they're ok to do. My main goal is to remove the spyware that infected the laptop and so far what we have done appears to be working. I'm no longer getting random pop-ups and my current AV and MS Anti-spyware are no longer detecting the offending adware. If after reviewing the latest logs you are still seeing some infection, I would like to remove those as well.

Retired Staff:

OK, let's go with what I know is not supposed to be there.

This tool made by Symantec will clean up all the leftovers of this part of the infection.

Related to this--> [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Xp Systems loader"= winsystem32xp.exe

This entry, I am assuming, would be work related:

DisableWindowsUpdateAccess 0

As for the rest, copy the text below to a blank Notepad page and save it to the desktop as rem.reg



"Microsoft Xp Systems loader"=-


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

Double click rem.reg to execute and allow it to merge into the registry.

Locate and delete if found

C:\Program Files\ardc

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-562403c5-14fe233b.zip/Installer.class

Post back and let me know how these steps go and what, if any, added help with security you are interested in.
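
A read-only way to confirm the steps above took effect, as an added example that is not part of the original posts: it checks the autorun value, the Post Platform key and the two paths named in the post, and changes nothing. It assumes the value sits under the HKEY_CURRENT_USER RunServices key quoted in the post and that it is run from the affected user's account.

```powershell
# Added example: read-only post-cleanup check. Nothing is modified or deleted.
# Value name, registry keys and paths are copied from the post above.
# Assumption: the autorun value lives under the HKCU RunServices key quoted there.
$valueName = 'Microsoft Xp Systems loader'
$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
$uaKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform'

# The post names Installer.class inside the cached archive; this checks for the archive itself.
$leftovers = @(
    'C:\Program Files\ardc',
    'C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-562403c5-14fe233b.zip'
)

$findings = @()

# 1. The autorun value should be gone after rem.reg is merged.
$run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.GetValueNames() -contains $valueName)) {
    $findings += "Autorun value still present: '$valueName' = $($run.GetValue($valueName))"
}

# 2. rem.reg deletes and recreates the Post Platform key, so it should hold no values.
$ua = Get-Item -LiteralPath $uaKey -ErrorAction SilentlyContinue
if ($ua) {
    foreach ($name in $ua.GetValueNames()) {
        $findings += "Post Platform value still present: '$name'"
    }
}

# 3. The folder and cached archive should no longer be on disk.
foreach ($path in $leftovers) {
    if (Test-Path -LiteralPath $path) {
        $findings += "Leftover still on disk: $path"
    }
}

# Report: either a single clean line or one line per remaining item.
if ($findings.Count -eq 0) {
    'Clean: none of the items named in the post were found.'
} else {
    $findings
}
```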