
Need help removing Trojan.Startup.Nameshifter



#16
Cubby22


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It is my laptop I use for work. I'm being very careful as to what is being done and I am reviewing the steps being done in order to make sure they're ok to do. My main goal is to remove the spyware that infected the laptop and so far what we have done appears to be working. I'm no longer getting random pop-ups and my current AV and MS Anti-spyware are no longer detecting the offending adware. If after reviewing the latest logs you are still seeing some infection, I would like to remove those as well.
  • 0



#17
Wizard


    Retired Staff

  • Retired Staff
  • 5,661 posts
OK, let's go with what I know is not supposed to be there.


This tool made by Symantec will clean up all the leftovers of this part of the infection
http://securityrespo...moval.tool.html

Related to this--> [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Xp Systems loader"= winsystem32xp.exe


This entry I am assuming would be work related

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate
DisableWindowsUpdateAccess 0



As for the rest, copy the text below to a blank Notepad page and save it to the desktop as rem.reg


REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Xp Systems loader"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Asnn"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""



Double click rem.reg to execute and allow it to merge into the registry.


Locate and delete if found

C:\Program Files\ardc

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-562403c5-14fe233b.zip/Installer.class


Post back and let me know how these steps go and what, if any, added help with security you are interested in.
  • 0
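
Added example, not part of the original posts: a read-only Python sketch that parses the rem.reg text from the post above and lists what each entry would do (delete a key, delete a value, set a value), so the file can be reviewed before it is merged. The function name `audit_reg` and the action labels are assumptions made for illustration; it handles single-line entries only and never touches the registry.

```python
import re

# rem.reg exactly as posted above, embedded so the example runs offline.
REM_REG = r'''REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Xp Systems loader"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Asnn"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def audit_reg(text):
    """Return (action, key, value_name, data) tuples; hypothetical helper."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing header line")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith(";"):                      # comment line
            continue
        if ln.startswith("[") and ln.endswith("]"):
            inner = ln[1:-1]
            key = None if inner.startswith("-") else inner
            if key is None:                         # [-KEY] removes the whole key
                ops.append(("DELETE_KEY", inner[1:], None, None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:                    # refuse anything not understood
            raise ValueError(f"unparseable line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        action = "DELETE_VALUE" if data == "-" else "SET_VALUE"   # "name"=- deletes
        ops.append((action, key, name, None if data == "-" else data))
    return ops

if __name__ == "__main__":
    for op in audit_reg(REM_REG):
        print(op)
```

Any line the parser does not recognise raises an error instead of being skipped, so an unexpected entry cannot slip through the review.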





