CHINESE HELP FOR TROJAN VIRUS

Status
Not open for further replies.

palesha

I have got the pwsteal.lemir.gen virus on my office computer. It creates an Lsas.bmp file in the Windows directory. Then it jams the Norton Antivirus screen. You have to close Norton Antivirus with Ctrl+Alt+Delete.
I have tried to remove it, but after a restart lsas.bmp is created once more and the same story as above is repeated. I am not able to remove it. When I searched on Google, all the sites having info are in Chinese. Hence I request my Chinese friends to help me remove the above-mentioned virus.
 

Hi,
If Norton does not work, try a proggy called Trojan Remover 6.2.8.
You can download its eval copy from www.simplysup.com
 

I can read Chinese, but I am not a Windows user, so some of the terms may not be accurate. Here are the translated manual removal instructions.

1) Make the system show all hidden system files.
My Computer->Tools->Folder Options. Click the "View" tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

2) Press [Ctrl+Alt+Del] to activate the task list. Find EXPL0RER.EXE. Note: the fifth character is the number "0", not the letter "O".
Do the next step quickly, or else the trojan will re-spawn.

3) Go to the Windows directory (e.g. c:\winnt; I abbreviate that as SYS).
Check under \SYS\System32 for EXPL0RER.EXE (again, the fifth character is the number 0), SysModule32.dll and SysModule64.dll. Hopefully you can delete all three. If it says "file in use", repeat step 2.

4) Check under \SYS for MFCD3O.DLL and delete it.

5) Launch "Regedit"
Find the key "HKEY_CLASSES_ROOT\CLSID\{081FE200-A103-11D7-A46D-C770E4459F2F}", and delete the whole "{081FE200-A103-11D7-A46D-C770E4459F2F}" key.

6) Restart the machine and check for \SYS\MFCD3O.DLL. If it still exists, delete it.

You should be fine after that.
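
Step 2's note that EXPL0RER.EXE uses the digit 0 in place of the letter O can be checked mechanically. The following is an added example, not part of the original post, and it generalizes that one case to other look-alike characters; the trusted-name list, the character map and the sample paths are assumptions constructed for illustration.

```python
# Added example: flag file or process names that imitate trusted Windows
# binaries by swapping look-alike characters (EXPL0RER.EXE vs explorer.exe).

# Assumption: look-alike characters folded to one canonical form.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

# Assumption: a short list of names worth protecting; extend as needed.
TRUSTED_NAMES = {"explorer.exe", "lsass.exe", "svchost.exe",
                 "services.exe", "winlogon.exe"}


def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.lower().translate(CONFUSABLES)


# Map each trusted name's skeleton back to the real name.
TRUSTED_SKELETONS = {skeleton(n): n for n in TRUSTED_NAMES}


def imitated_name(name):
    """Return the trusted name that `name` imitates, or None."""
    lowered = name.lower()
    if lowered in TRUSTED_NAMES:
        return None  # exact match: the genuine name, not a look-alike
    return TRUSTED_SKELETONS.get(skeleton(lowered))


def scan(paths):
    """Return (path, imitated trusted name) for every look-alike found."""
    findings = []
    for path in paths:
        base = path.replace("/", "\\").rsplit("\\", 1)[-1]
        target = imitated_name(base)
        if target:
            findings.append((path, target))
    return findings


# Constructed sample listing, not taken from a real machine.
SAMPLE_PATHS = [
    r"C:\WINNT\explorer.exe",
    r"C:\WINNT\System32\EXPL0RER.EXE",
    r"C:\WINNT\System32\svchost.exe",
    r"C:\WINNT\System32\notepad.exe",
    r"C:\WINNT\System32\SVCH0ST.EXE",
]

if __name__ == "__main__":
    for path, target in scan(SAMPLE_PATHS):
        print(f"{path} imitates {target}")
```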
 
