Help! Trojan In Winstlr32.exe/lzma_solid_nsis0005 / 0006

maklamakan
maklamakan
in Malware talk

Hi there,


I have a detected trojan and since then I had some irregularity with my online banking and the Bit Defender software cannot update. Even the google topics having o do with bit defender or ad-aware are diverted to silly sites. no way to get rid of that without killing the whole partition???


I have stopped all active x and live updates (which do not work anyway) and deleted the file C:\WINDOWS\system32\winstlr32.exe with unlocker. Since then the trojan is not shown on the scan of BD - but the program still cant update and explorer still messes around.


There is a second thread "C:\RECYCLER\..."???, which I do not understand at all - does it have sthg. to do with it???


whole log line:


C:\RECYCLER\S-1-5-21-725345543-179605362-2147187605-500\Dc93.tmp=>(JAVASCRIPT) Suspect: Exploit.PDF-JS.Gen


and the trojans:


C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Generic.218680


C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0005 Disinfection failed


C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0005 Move failed


C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0006 Detected: Adware.VB


C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0006 Disinfection failed


C:\WINDOWS\system32\winstlr32.exe=>(NSIS o)=>lzma_solid_nsis0006 Move failed


Would be very pleased for some hints, to help eliminating the problem without a whole new setup.


Thanks in advance and a merry X-Mas to all of you!!!


CIAO

Comments

  • csalgau
    csalgau ✭✭

    Trojan.Generic.218680 is a browser helper object. If the infection is still present to some degree, you might see differences in online bank applications.


    Please provide an AVIS and a GMER log so we can further investigate.

  • maklamakan
    maklamakan

    ??? provide an AVIS and a GMER log ????


    how to create this? will do asap!


    what about this?:C:\RECYCLER\S-1-5-21-725345543-179605362-2147187605-500\Dc93.tmp=>(JAVASCRIPT) Suspect: Exploit.PDF-JS.Gen


    (meanwhile: all installed virus software are blocked to update! Trying again with new)


    thanks so far.

  • csalgau
    csalgau ✭✭

    You may download BitDefender AVIS here. Select the System Info tab and select create log then attach the generated file.


    Gmer may be downloaded from gmer.net.

  • maklamakan
    maklamakan

    log is attached as zip:


    bs_sys_log.xml.zip


    thx

  • alexcrist
    alexcrist

    Try attaching the file again, please. There is no file attached to your post.


    Cris.

All Time Leaders

Categories

Defenders of the month