Adware.VirtuMonde lspak.dll

Discussion in 'Trojan Defence Suite' started by poogimmal, Jul 30, 2004.

Thread Status:
Not open for further replies.
  1. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    I got a call from a friend running XP Pro who advised that her computer suddenly was running slow and full of popups and misdirected IE URLs. I literally found hundreds of malcoded spyware and assorted nasties, and was able to remove most before I tried a demo TDS3 on her XP. TDS3 found 4 more and I was able to delete 3, but TDS3 could not delete \system32\lspak.dll, which TDS3 ID'd as Adware.VirtuMonde (and there may be some other still-hidden exploit in there?). Symptoms include two running but in-background IE processes, which are very hard to kill, and the same with 1 MSN_messenger background process. TDS3 could not delete lspak.dll, and neither could I manually. Lavasoft Adaware would find 1 misdirected IE hijack in the registry, which it would "fix" only to find it reappear. Something is running, reinstalling these nasties. Somewhat curious to me that TDS3 can and will ID this lspak.dll as a trojan but that it cannot kill or delete it. Anyone know how to permanently remove this nasty? Also, my friend claims that NAV 2004 with current defs was running at the time, and a NAV scan will also find this nasty, but it also cannot repair, fix or delete it.
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    With most of these problems you should disconnect from the net and DISABLE the antivirus, especially Norton, as that will lock the file and prevent TDS deleting it.

    Then run a full system scan with TDS and you should find it will find and cure the problem.

    Let us know if that helps, please.
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    You might lose connectivity if you fix this, as it is an LSP driver.

    Grab LSPFix, it should appear in there and can be fixed
    http://www.cexx.org/lspfix.htm

    Once fixed and you reboot the file itself will be freed up for deletion
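
An added example, not part of the original post and not LSPFix's own code: a read-only Python check that lists which DLLs are registered as Winsock providers, so an entry such as lspak.dll can be confirmed in the catalog before anything is repaired or deleted. The baseline DLL set, the sample entries and the reading of the path as a NUL-terminated ANSI string at the start of `PackedCatalogItem` are assumptions.

```python
import ntpath
import sys

# Winsock provider catalog; each subkey holds one PackedCatalogItem value.
CATALOG_KEY = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
               r"\Protocol_Catalog9\Catalog_Entries")
# Assumption: provider DLLs expected on a clean XP box; adjust to your baseline.
BASELINE = {"mswsock.dll", "rsvpsp.dll"}


def provider_path(packed):
    """DLL path at the start of a PackedCatalogItem (NUL-terminated ANSI)."""
    return packed.split(b"\x00", 1)[0].decode("ascii", "replace")


def flag_unknown(entries, baseline=BASELINE):
    """Return (entry_name, dll_path) for providers outside the baseline."""
    flagged = []
    for name, packed in entries:
        path = provider_path(packed)
        if ntpath.basename(path).lower() not in baseline:
            flagged.append((name, path))
    return flagged


def read_live_catalog():
    """Yield (entry_name, packed_bytes) from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            name = winreg.EnumKey(key, i)
            with winreg.OpenKey(key, name) as sub:
                yield name, winreg.QueryValueEx(sub, "PackedCatalogItem")[0]


def _sample(path):
    # Constructed value: path plus zero padding standing in for the rest.
    return path.encode("ascii") + b"\x00" * 32


# Constructed catalog: one stock provider and the DLL named in this thread.
SAMPLE = [
    ("000000000001", _sample(r"%SystemRoot%\system32\mswsock.dll")),
    ("000000000002", _sample(r"%SystemRoot%\system32\lspak.dll")),
]

if __name__ == "__main__":
    entries = read_live_catalog() if sys.platform == "win32" else SAMPLE
    for name, path in flag_unknown(entries):
        print(f"review before removal: {name} -> {path}")
```

The script only reads the catalog; removing a flagged entry is left to a tool that repairs the provider chain, since deleting the DLL alone leaves the catalog pointing at a missing file.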
     
  4. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    Thanks to Derek & Gavin for ideas to eliminate this nasty. Will try as you suggest and update with results.

    Somewhat unclear re Gavin's comment about lspak.dll being an LSP driver. I'm not 100% sure what that is, and you say it as if it is perhaps supposed to be on an XP system, but I checked with a noninfected XP box and the lspak.dll is not found on that system. But will plunge ahead! BTW, the infected XP connects with a DSL line, and installed phone company software for making the connection in some association with Yahoo, which looks like it also installed broadjump bloated 'spyware.' I will happily remove unnecessary stuff.

    Thanks, and will update.
     