Full Version: Help! Trojan In Winstlr32.exe/lzma_solid_nsis0005 / 0006
BitDefender Forum > English > Old Forum Topics > Malware Talk
maklamakan
Hi there,

I have a detected trojan and since then I had some irregularity with my online banking and the Bit Defender software cannot update. Even the Google topics having to do with Bit Defender or Ad-Aware are diverted to silly sites. No way to get rid of that without killing the whole partition???

I have stopped all ActiveX and live updates (which do not work anyway) and deleted the file C:\WINDOWS\system32\winstlr32.exe with Unlocker. Since then the trojan is not shown on the scan of BD - but the program still can't update and Explorer still messes around.

There is a second thread "C:\RECYCLER\..."???, which I do not understand at all - does it have something to do with it???

whole log line:
C:\RECYCLER\S-1-5-21-725345543-179605362-2147187605-500\Dc93.tmp=>(JAVASCRIPT) Suspect: Exploit.PDF-JS.Gen

and the trojans:
C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Generic.218680
C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0005 Disinfection failed
C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0005 Move failed
C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0006 Detected: Adware.VB
C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0006 Disinfection failed
C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0006 Move failed

Would be very pleased for some hints to help eliminate the problem without a whole new setup.

Thanks in advance and a merry X-Mas to all of you!!!

CIAO
Catalin Salgau
Trojan.Generic.218680 is a browser helper object. If the infection is still present to some degree, you might see differences in online bank applications.
Please provide an AVIS and a GMER log so we can further investigate.
maklamakan
??? provide an AVIS and a GMER log ????

how to create this? will do asap!

what about this?: C:\RECYCLER\S-1-5-21-725345543-179605362-2147187605-500\Dc93.tmp=>(JAVASCRIPT) Suspect: Exploit.PDF-JS.Gen

(meanwhile: all installed virus software is blocked from updating! Trying again with new)

thanks so far.
Catalin Salgau
You may download BitDefender AVIS here. Select the System Info tab and select create log then attach the generated file.
GMER may be downloaded from gmer.net.
maklamakan
log is attached as zip:
bs_sys_log.xml.zip
thx
Cris
Try attaching the file again, please. There is no file attached to your post.

Cris.