Forum Discussion
- Mohammad_Altaf_Level 2Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
Use Task Manager to terminate the Trojan process.
Delete the following system registrykey:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"<rnd1>" = "<rnd2>"
Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete the following files:
%Documents and Settings%\<user_name>\Application Data\svchosts.exe
%Documents and Settings%\<user_name>\Application Data\taskmon.exe
%Documents and Settings%\<user_name>\Application Data\rundll.exe
%Documents and Settings%\<user_name>\Application Data\service.exe
%Documents and Settings%\<user_name>\Application Data\sound.exe
%Documents and Settings%\<user_name>\Application Data\upnpsvc.exe
%Documents and Settings%\<user_name>\Application Data\lsas.exe
%Documents and Settings%\<user_name>\Application Data\logon.exe
%Documents and Settings%\<user_name>\Application Data\helper.exe
%Documents and Settings%\<user_name>\Application Data\event.exe
%Documents and Settings%\<user_name>\Application Data\dumpreport.exe
%Documents and Settings%\<user_name>\Application Data\msiexeca.exe
Delete all files from %Temporary Internet Files%.
Update your antivirus databases and perform a full scan of the computer - Mohammad_Altaf_Level 2
This malicious program is a Trojan. It is a Windows PE EXE file. It is 417792 bytes in size. It is packed using UPX. The unpacked file is approximately 439KB in size. It is written in C++.
Installation
Once launched, the Trojan copies its body to the current user’s Windows startup directory:
%Documents and Settings%\<user_name>\Main Menu\Programs\Startup\uninstall.exe
Payload
Once the victim machine has been rebooted, the Trojan extracts a file from itself. The file will have one of the names shown below:
%Documents and Settings%\<user_name>\Application Data\svchosts.exe
%Documents and Settings%\<user_name>\Application Data\taskmon.exe
%Documents and Settings%\<user_name>\Application Data\rundll.exe
%Documents and Settings%\<user_name>\Application Data\service.exe
%Documents and Settings%\<user_name>\Application Data\sound.exe
%Documents and Settings%\<user_name>\Application Data\upnpsvc.exe
%Documents and Settings%\<user_name>\Application Data\lsas.exe
%Documents and Settings%\<user_name>\Application Data\logon.exe
%Documents and Settings%\<user_name>\Application Data\helper.exe
%Documents and Settings%\<user_name>\Application Data\event.exe
%Documents and Settings%\<user_name>\Application Data\dumpreport.exe
%Documents and Settings%\<user_name>\Application Data\msiexeca.exe
This file is 404992 bytes in size. It will be detected by Anti-Virus as Trojan-Downloader.Win32.Agent.aoth.
In order to ensure that the Trojan is launched automatically each time the system is rebooted, the Trojan places a link to the file it extracted from its body in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"<rnd1>" = "<rnd2>"
<rnd1> is a name chosen from the list below:
CrashDump
EventLog
Init
lsass
Regscan
RunDll
Setup
Sound
svchosts
System
TaskMon
UPNP
Windows
<rnd> is the path to the file extracted from the Trojan shown in the list above.
Once the Trojan had delivered its payload, it will delete both its body and its copy "%Documents and Settings%\\Main Menu\Programs\Startup\uninstall.exe".
This Trojan will not run on Russian versions of Windows.
- Mohammad_Altaf_Level 2https://www-secure.symantec.com/connect/blogs/live-scenario-how-w32sality-infects-uses-machine
- Hi,
Best way to remove trojan is to run sdat updated patch in cmd.
1) make one scan folder in c drive and paste sdat5620.exe and extract in your c drive itself.
1) start ur pc in safemode with command prompt.
2)go to c drive and tye following command as
C:\>cd scan
C:\scan>scan/adl/all/clean/repair/delete/analyze/program/report/scan.txt and press enter key.
the above command will start scanning your hard drive and it will clean and delete virus.
path to download sdat patch is given below.
http://www.mcafee.com/apps/downloads/security_updates/superdat.asp?region=us&segment=enterprise
Thanks and Regards,
Nitin Salvi - Ajit_JhaLevel 6I would suggest u to run the loadpoint utility and analyse the log and on the basis of analyzing upload the suspeciuos file to submit.symantec.com/gold
- sbertramLevel 3Hi did you run any free online scanners. One you can run is from Trend Micro called House call, link is below. See if that cleans up the mess.
Good luck.
http://housecall.trendmicro.com/
Hello, does anybody know how to delete this virus from computer?
I don't have a anti-virus protection, and i bought avira anti-virus security, but windows doesn't want to instal this program (avira anti-virus) and my cousin brought me one program for deleting viruses, but he founded 20 other viruses, and not the TROJAN.ASPX.JS.32 and my computer works so slow and i can't do much with him.
Does anybody knows how to delete this virus? Or do i need some program for deleting or there is another way? Thanks again!!!- deepak_vasudevaLevel 6Please start up your Symantec Program and ensure it says the virus patterns are uptodate. Then either selective folder or a full system scan. That should cure the malady.
If you do not have an AV tool installed can you follow the removal instructions below:
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
-
Delete the following system registry key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"<rnd1>" = "<rnd2>" - Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
-
Delete the following files:
%Documents and Settings%\<user_name>\Application Data\svchosts.exe
%Documents and Settings%\<user_name>\Application Data\taskmon.exe
%Documents and Settings%\<user_name>\Application Data\rundll.exe
%Documents and Settings%\<user_name>\Application Data\service.exe
%Documents and Settings%\<user_name>\Application Data\sound.exe
%Documents and Settings%\<user_name>\Application Data\upnpsvc.exe
%Documents and Settings%\<user_name>\Application Data\lsas.exe
%Documents and Settings%\<user_name>\Application Data\logon.exe
%Documents and Settings%\<user_name>\Application Data\helper.exe
%Documents and Settings%\<user_name>\Application Data\event.exe
%Documents and Settings%\<user_name>\Application Data\dumpreport.exe
%Documents and Settings%\<user_name>\Application Data\msiexeca.exe - Delete all files from %Temporary Internet Files%.
- Update your antivirus databases and perform a full scan of the computer
- As soon as possible download an AV and install it.
Source Courtesy: http://www.securelist.com/en/descriptions/6256927/Trojan.Win32.Agent.azsy
- yivokas556Level 0
Dr. Pragya Goel is the leading Obstetrician (Obstetrics is the field of study concentrated on pregnancy, childbirth and the postpartum period) and the best Gynecologist in Chandigarh. She offers the latest and state of the art cutting-edge treatments for various gynecological conditions.
Ensuring the latest and advanced practices and experts to help you through your ailments. Dr. Pragya Goel is highly experienced Gynecologist doctor in Chandigarh with over 18 years of clinical experience. She is an expert in Handling High risk Pregnancy, Infertility Treatment, Adolescent Healthcare, Minimally Invasive Laparoscopic & Gynecological Surgeries. Offering Holistic treatment and facilities encompassing all aspects of women and baby healthcare.Address : Cloudnine Hospital, Plot no. 48, 2, Industrial Area Phase II, Chandigarh, 160002
Website : https://www.drpragyagoel.com/
Related Content
- 15 years ago
- 2 years ago
- 14 years ago