tds-3 scann.... c:\windows\system32\winlspak.dll ???

Discussion in 'Trojan Defence Suite' started by Griogair, Nov 18, 2004.

Thread Status:
Not open for further replies.
  1. Griogair

    Griogair Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    80
    Location:
    kilmarnock, scotland
    hullo!

    i ran tds-3 and uncovered a number of problems,all of which i deleted..apart from 1 called 'Adware VirtuMonde' o_O which would not delete....does any1 have any ideas??


    thanks
    griogair!!! :D
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Griogair,

    Pieter Arntz has a write-up in the link below for a list of the files involved along with several links with removal instructions at the bottom of that post:
    (See Post 30 - VirtuMonde aka Troj/AgentSpy)
    https://www.wilderssecurity.com/showthread.php?t=15983&page=2

    Several variants of VirtuMonde are detected and removed by anti-spyware programs, one being Ad-Aware SE Personal, which I believe you have a copy of. Please make sure it is up-to-date. You can try scanning with Ad-Aware while in Safe Mode and disconnected from the internet, fix what it finds, reboot your computer normally, then do another scan and see if anything more is detected.

    Winlspak.dll is a malware file and part of Virtumundo adware. It puts itself in the LSP chain and will need careful removing if the anti-spyware programs did not remove it successfully.

    Since some of the variants of this adware/malware do monitor their registry keys, they can reinstall them if not completely removed from the system. I also noticed you had had an earlier problem with VX2, which can also be difficult to remove completely. The best suggestion I can give you would be to go to one of the sites that do HijackThis log analysis and spyware cleaning, and follow up there with posting a log for review.

    As you know we no longer do HijackThis log analysis and adware/spyware cleaning here at Wilders, but you can find a list of sites that still do HijackThis review in this Announcement post.

    TDS-3 does detect some adware/spyware now, so if you could also submit the files to submit@diamondcs.com.au they can add them to their database for detection.

    Regards,

    snap
     
Thread Status:
Not open for further replies.