Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 944
  • Last Modified:

clean trojan psw in win-7

How to remove Trojan PSW infected objects in Win-7 environment?
0
wimbre042
Asked:
wimbre042
2 Solutions
 
willcompCommented:
Trojan PSW is a generic term for password stealing trojans and encompasses a number of different variants.

Do you have a more specific description and which AV program identified it?

Without further information, I recommend that you try using MalWareBytes AntiMalware (MBAM). The free version is sufficient. http://www.malwarebytes.org/mbam.php

0
 
Muhammad Ahmad ImranDatabase DeveloperCommented:
1) The associated processes of  Trojan-PSW.Win32.LdPinch.arxm to be stoped are listed below:

   %Temp%\dzp1.tmp\PPTVIEW.EXE


2) The registry entries of Trojan-PSW.Win32.LdPinch.arxm that need to be removed are listed as follows (Take Note: Back up the Windows registry before editing it, so that you can quickly restore it later if something goes wrong.):

    %Temp%\dzp1.tmp\INTLDATE.DLL
    %Temp%\dzp1.tmp\msvcm80.dll
    %Temp%\dzp1.tmp\msvcp80.dll
    %Temp%\dzp1.tmp\MSVCR80.dll
    %Temp%\dzp1.tmp\OGL.DLL
    %Temp%\dzp1.tmp\PPVWINTL.DLL
    %Temp%\dzp1.tmp\SAEXT.DLL
    %Temp%\dzp1.tmp\microsoft.vc80.crt.manifest
    %Temp%\dzp1.tmp\PPTVIEW.EXE
    %Temp%\dzp1.tmp\pptview.exe.manifest
    %Temp%\dzp1.tmp\[filename of the sample #1 without extension].pps
0
 
alfaroCommented:
If this infection is stopping you from running Malwarebytes or other cleaners then Combofix is worth trying. http://www.bleepingcomputer.com/download/anti-virus/combofix

If you can't run Combofix or any spyware/virus programs because of this infection i often remove the drive and install it in another computer and manually remove the entries such as those shown above, or by running something like Malwarebytes and scanning the drive in that other computer. Just select the drive letter assigned (say G for arguments sake) and that should remove it.

Software like Knoppix or Bart's PE are also good for booting the infected machine and removing the infection manually that way.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
willcompCommented:
ComboFix (CF) will not run on a 64 bit OS. If you have 64 bit Win7, CF is not an option.
0
 
wimbre042Author Commented:
Recovery: Installed MBAM from flash drive while in SAFE Mode. Fullscan located 1 Trojan, e.g., SecurityTool Fraud!Gen4 --- deleted file
Rebooted and installed Norton Anti-Virus 2011 -- repeated scan and located Variant Trojan -- 05367.exe in the following directory: Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk which pointed to SecurityToolFraud!Gen4
Norton QUARANTINED the file 05367.exe

ComboFix would not work as stated, e.g., 64Bit processor

Problem is resolved -- Thanks
0
 
willcompCommented:
Glad you got it resolved.

MBAM is a valuable tool in fighting malware. I do recommend that you run it in normal mode when possible or use safe mode with networking to allow for installing updates.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now