[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

clean trojan psw in win-7

Posted on 2010-11-20
6
Medium Priority
?
935 Views
Last Modified: 2013-11-30
How to remove Trojan PSW infected objects in Win-7 environment?
0
Comment
Question by:wimbre042
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 32

Accepted Solution

by:
willcomp earned 2000 total points
ID: 34180336
Trojan PSW is a generic term for password stealing trojans and encompasses a number of different variants.

Do you have a more specific description and which AV program identified it?

Without further information, I recommend that you try using MalWareBytes AntiMalware (MBAM). The free version is sufficient. http://www.malwarebytes.org/mbam.php

0
 
LVL 14

Expert Comment

by:Muhammad Ahmad Imran
ID: 34180359
1) The associated processes of  Trojan-PSW.Win32.LdPinch.arxm to be stoped are listed below:

   %Temp%\dzp1.tmp\PPTVIEW.EXE


2) The registry entries of Trojan-PSW.Win32.LdPinch.arxm that need to be removed are listed as follows (Take Note: Back up the Windows registry before editing it, so that you can quickly restore it later if something goes wrong.):

    %Temp%\dzp1.tmp\INTLDATE.DLL
    %Temp%\dzp1.tmp\msvcm80.dll
    %Temp%\dzp1.tmp\msvcp80.dll
    %Temp%\dzp1.tmp\MSVCR80.dll
    %Temp%\dzp1.tmp\OGL.DLL
    %Temp%\dzp1.tmp\PPVWINTL.DLL
    %Temp%\dzp1.tmp\SAEXT.DLL
    %Temp%\dzp1.tmp\microsoft.vc80.crt.manifest
    %Temp%\dzp1.tmp\PPTVIEW.EXE
    %Temp%\dzp1.tmp\pptview.exe.manifest
    %Temp%\dzp1.tmp\[filename of the sample #1 without extension].pps
0
 

Expert Comment

by:alfaro
ID: 34180394
If this infection is stopping you from running Malwarebytes or other cleaners then Combofix is worth trying. http://www.bleepingcomputer.com/download/anti-virus/combofix

If you can't run Combofix or any spyware/virus programs because of this infection i often remove the drive and install it in another computer and manually remove the entries such as those shown above, or by running something like Malwarebytes and scanning the drive in that other computer. Just select the drive letter assigned (say G for arguments sake) and that should remove it.

Software like Knoppix or Bart's PE are also good for booting the infected machine and removing the infection manually that way.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 2000 total points
ID: 34180412
ComboFix (CF) will not run on a 64 bit OS. If you have 64 bit Win7, CF is not an option.
0
 

Author Closing Comment

by:wimbre042
ID: 34181084
Recovery: Installed MBAM from flash drive while in SAFE Mode. Fullscan located 1 Trojan, e.g., SecurityTool Fraud!Gen4 --- deleted file
Rebooted and installed Norton Anti-Virus 2011 -- repeated scan and located Variant Trojan -- 05367.exe in the following directory: Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk which pointed to SecurityToolFraud!Gen4
Norton QUARANTINED the file 05367.exe

ComboFix would not work as stated, e.g., 64Bit processor

Problem is resolved -- Thanks
0
 
LVL 32

Expert Comment

by:willcomp
ID: 34181212
Glad you got it resolved.

MBAM is a valuable tool in fighting malware. I do recommend that you run it in normal mode when possible or use safe mode with networking to allow for installing updates.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question