i got a message from my AV (norton) saying that a backdoor trojan called wsrv.dll was detected. tryed doing some google searcehs on how to remove it but no luck. any help would be appreciated. thanks!
This is detected by Norton as Backdoor.Trojan see here Can you take the following steps: Step 1. Install Zone Alarm (free) – Firewall with visual outgoing alerts to see what is trying to access the internet. http://www.zonelabs.com Step 2. Download Stinger available here: do NOT run this YET. http://vil.nai.com/vil/stinger/ Step 3. Turn OFF System Restore, this process depends on your operating system: Windows XP Instructions 1. Right click on the "My Computer" icon on the Windows desktop 2. Click "Properties" 3. Click on the "System Restore" 4. Place a tick in "Turn off System Restore on all Drives" 5. Click OK 6. Close and restart your system. OR Windows ME Instructions 1. Right click on the "My Computer" icon on the Windows desktop 2. Click "Properties" 3. Click on "Performance" 4. Click "File system" 5. Click "Troubleshooting" 6. Check "Disable system restore" 7. Click on OK 8. Close and restart your system. Step 4. Delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content. Step 5. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up Step 6. Run a scan with your current Anti-virus program – MAKE SURE IT IS FULLY UP TO DATE with the latest virus signatures. Step 7. Run a scan with “Stinger” the program you downloaded above. Step 8. Reboot your system into normal mode. Step 9. Run a further online scan found here: http://housecall.trendmicro.com/ When everything is clean, it is recommended that you turn System Restore back on. Step 10. Install update and run the LATEST Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor. http://beam.to/spybotsd Step 11. Install update and run the LATEST Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will. http://www.lavasoftusa.com Step 12. Install and run CWShredder available here: https://www.wilderssecurity.com/showthread.php?t=14086 Step 13. Make sure your Windows is FULLY up-to-date by doing the following: While on the Internet, Click on Internet Explorer (the Blue “e”), Click on Tools (on the bar at the top of your screen in Internet Explorer), Click on Windows Update. This will take you to the Microsoft Windows Update page where you need to follow the on screen prompts, starting with “Scan for Updates”. Install ALL “Critical Updates” and “Service Packs”. WEEKLY – check this is “Up to Date”. REPEAT ALL THE ABOVE STEPS, this time EVERYTHING should come up clean… IF the above does NOT fix your problem please download and run Hijack This found here: https://www.wilderssecurity.com/showthread.php?t=12516 and post your log at one of the forums found here: http://a-sap.org/ Keep in mind the following quote: For the most part what I have suggested fixes the greater majority of problems out there... When your system is clean you may want to take a look here: https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25 for further discussion on security and how to make your system that much stronger. and here for more discussions: https://www.wilderssecurity.com/showthread.php?t=43117 Hope this helps… Let us know how you go… Cheers
thanks for the help.. but no luck.. i did run HijackThis and posted the log on Tech Support Guy Forums. thanks again!