Sign in with
Sign up | Sign in
Your question

LSA Shell & Infected, embedded Trojan horse Dropper.Agent...

Last response: in Windows XP
Share
Anonymous
June 8, 2005 3:11:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I am trying to clean up a lady's computer - I've gone through a whole bunch
of tests: online scans, Sysclean, AVG, AdAware, SpyBot, etc. Gotten rid of
most infected files, but AVG still shows one that I'm not sure how to get rid
of.
On the report, it says that it is an Infected, embedded object. It is a
Trojan horse Dropper.Agent.6.W and is found in file:
C:\WINDOWS\system32\config\systemprofile\LocalSettings\TemporaryInternetFiles\Content.IE5\8D69EN49\flew[1].exe:\dreese.exe.
Help! I've tried looking on AVG virus search, on Google etc. Can't seem to
find out how to get rid of it. I tried Disk Cleanup and downloaded the
CleanUp!4.0 program to get rid of Temp.Int.Files, but it still shows up in
AVG test report.

Also, occassionally, an error message shows up. I was not sure if it was
from a virus, so I've been concentrating on cleaning up the infections. The
box will pop up: LSA Shell (Export Version) as a title and will say that the
lsass.exe was terminated unexpectedly. Shortly after that, the System
Shutdown box will pop up and give me about a minute before shutting down. It
says, along with closing and saving any open files, etc, authorized by NT
AUTHORITY\SYSTEM. Is this due to viruses, or is there more of a problem with
Windows XP?? I'm pretty sure this is only happening when I'm trying to
download stuff. I have not had a chance to do any Windows Updates yet on
this computer.
I would like to return this computer to this lady uninfected, so any ideas
are greatly appreciated.

Running SpyBot, I get "Error during check" notice and underneath - Xuron55
.... WINDOWS\win.ini kann nicht geoffnet werden but when I hit Fix Selected
Problems, that ends up with a big green check, also. Any ideas??
--
Barb Zakrzewski
June 8, 2005 6:30:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

can't help you with a solve.
* but there's some talk about the Trojan on another site.
If you ask there, they may be able to help you out. seems friendly enough,
over there. =
http://www.geekstogo.com/forum/Ceres_and_Popup_problems...

* some further software to try
stinger, free McAfee standalone last-ditch scanner.
http://vil.nai.com/vil/stinger/
spyware doctor, is a spy/malware scanner that has been getting very good
reviews. there's a free version of it. main drawback of it, is that you'll
have to manually update. https://www.pctools.com/spyware-doctor/


"Barbara Z" wrote:

> I am trying to clean up a lady's computer - I've gone through a whole bunch
> of tests: online scans, Sysclean, AVG, AdAware, SpyBot, etc. Gotten rid of
> most infected files, but AVG still shows one that I'm not sure how to get rid
> of.
> On the report, it says that it is an Infected, embedded object. It is a
> Trojan horse Dropper.Agent.6.W and is found in file:
> C:\WINDOWS\system32\config\systemprofile\LocalSettings\TemporaryInternetFiles\Content.IE5\8D69EN49\flew[1].exe:\dreese.exe.
> Help! I've tried looking on AVG virus search, on Google etc. Can't seem to
> find out how to get rid of it. I tried Disk Cleanup and downloaded the
> CleanUp!4.0 program to get rid of Temp.Int.Files, but it still shows up in
> AVG test report.
>
> Also, occassionally, an error message shows up. I was not sure if it was
> from a virus, so I've been concentrating on cleaning up the infections. The
> box will pop up: LSA Shell (Export Version) as a title and will say that the
> lsass.exe was terminated unexpectedly. Shortly after that, the System
> Shutdown box will pop up and give me about a minute before shutting down. It
> says, along with closing and saving any open files, etc, authorized by NT
> AUTHORITY\SYSTEM. Is this due to viruses, or is there more of a problem with
> Windows XP?? I'm pretty sure this is only happening when I'm trying to
> download stuff. I have not had a chance to do any Windows Updates yet on
> this computer.
> I would like to return this computer to this lady uninfected, so any ideas
> are greatly appreciated.
>
> Running SpyBot, I get "Error during check" notice and underneath - Xuron55
> ... WINDOWS\win.ini kann nicht geoffnet werden but when I hit Fix Selected
> Problems, that ends up with a big green check, also. Any ideas??
> --
> Barb Zakrzewski
!