wsrv.dll

Discussion in 'malware problems & news' started by Mercury, Sep 15, 2004.

Thread Status:
Not open for further replies.
  1. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    i got a message from my AV (norton) saying that a backdoor trojan called wsrv.dll was detected. tryed doing some google searcehs on how to remove it but no luck. any help would be appreciated. thanks!
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This is detected by Norton as Backdoor.Trojan see here


    Can you take the following steps:


    Step 1. Install Zone Alarm (free) – Firewall with visual outgoing alerts to see what is trying to access the internet.
    http://www.zonelabs.com


    Step 2. Download Stinger available here: do NOT run this YET.
    http://vil.nai.com/vil/stinger/


    Step 3. Turn OFF System Restore, this process depends on your operating system:


    Windows XP Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on the "System Restore"
    4. Place a tick in "Turn off System Restore on all Drives"
    5. Click OK
    6. Close and restart your system.


    OR


    Windows ME Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on "Performance"
    4. Click "File system"
    5. Click "Troubleshooting"
    6. Check "Disable system restore"
    7. Click on OK
    8. Close and restart your system.


    Step 4. Delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content.


    Step 5. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up


    Step 6. Run a scan with your current Anti-virus program – MAKE SURE IT IS FULLY UP TO DATE with the latest virus signatures.


    Step 7. Run a scan with “Stinger” the program you downloaded above.


    Step 8. Reboot your system into normal mode.


    Step 9. Run a further online scan found here: http://housecall.trendmicro.com/


    When everything is clean, it is recommended that you turn System Restore back on.


    Step 10. Install update and run the LATEST Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.
    http://beam.to/spybotsd


    Step 11. Install update and run the LATEST Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.
    http://www.lavasoftusa.com


    Step 12. Install and run CWShredder available here:
    https://www.wilderssecurity.com/showthread.php?t=14086


    Step 13. Make sure your Windows is FULLY up-to-date by doing the following: While on the Internet, Click on Internet Explorer (the Blue “e”), Click on Tools (on the bar at the top of your screen in Internet Explorer), Click on Windows Update. This will take you to the Microsoft Windows Update page where you need to follow the on screen prompts, starting with “Scan for Updates”. Install ALL “Critical Updates” and “Service Packs”.

    WEEKLY – check this is “Up to Date”.



    REPEAT ALL THE ABOVE STEPS, this time EVERYTHING should come up clean…



    IF the above does NOT fix your problem please download and run Hijack This found here:

    https://www.wilderssecurity.com/showthread.php?t=12516


    and post your log at one of the forums found here:

    http://a-sap.org/


    Keep in mind the following quote:


    For the most part what I have suggested fixes the greater majority of problems out there...


    When your system is clean you may want to take a look here:

    https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25

    for further discussion on security and how to make your system that much stronger.


    and here for more discussions:

    https://www.wilderssecurity.com/showthread.php?t=43117


    Hope this helps…

    Let us know how you go…

    Cheers :D
     
  3. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    thank you for your reply... im going to try it out now...
     
  4. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    thanks for the help.. but no luck.. i did run HijackThis and posted the log on Tech Support Guy Forums. thanks again!
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Would appreciate knowing how you go...

    Cheers :D
     
Thread Status:
Not open for further replies.