Ask Me Help Desk


  • Feb 2, 2005, 12:38 AM
    citroes
    Issas.exe, iau.exe etc how to get rid of?
    Hi

    Whenever I try to open a text file, the following files load onto my machine:

    Lssas.exe, iau.exe, mservice.exe, svshost.exe, msqdevl.exe and stisvsq.exe

    It's easy enough to remove them again with HijackThis run in safe mode, but I cannot use my notepad anymore. Whenever I open the notepad or a *.txt file, these files end up on my hard drive in the Windows directory and registry.

    Can anyone help?

    Thanks
  • Feb 2, 2005, 04:35 AM
    fredg
    Worm
    Hi,
    You can read about this Worm here:

    http://www.trendmicro.com/vinfo/viru...WORM_AGOBOT.RL

    Your computer is infected with spyware/malware, and it will keep "rebuilding" itself until you get rid of its files and also clear it from the Registry.

    Here are steps that should get rid of it:

    If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

    http://www.security-related.com/download2.htm
    Download: SpyBot Search & Destroy; 1.3

    AdAware at:
    http://www.lavasoftusa.com
    Download: AdAware_SE

    CWShredder at:
    http://www.download.com/CWShredder/3...ml?tag=lst-0-1
    (CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the hard drive). It is not a "stand alone" scan, but needs to be run.

    All 3 of the above programs run better and much faster when run in SafeMode.

    To get into SafeMode:
    Re-boot the computer, and immediately after starting up, press and hold down F8, at top of keypad.
    When the options show on the screen, use the up and down arrow keys on the keyboard to select "Safe Mode".
    Press Enter.

    It's best to run the AdAware scan first; 3 times; then re-boot.
    Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
    Re-boot.
    Reason for running so many times:
    Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
    Running multiple times deletes most of it the first time.

    If you wish to have a great program, after you clean out Spyware/Advertising Ware:
    SpyWare Blaster 3.2
    Great, free program that STOPS spyware, trojans, home page hijacks, etc., BEFORE they get into your computer. Check it out at CNET at link:

    http://www.download.com/SpywareBlast...ml?tag=lst-0-2

    Two Tips:
    If you notice the little green computer lights that show your dial-up connection to the internet staying on when they shouldn't be, located on the bottom right of the system tray, disconnect immediately and run AdAware. These lights staying on means that some URL is sending or receiving spyware/advertising ware to or from your computer, most of the time.

    Other Tip: After being on the net, if you have visited any sites you don't really trust, then run AdAware BEFORE you shut down or re-start the computer. This will delete any Spyware easier, before the computer can configure it, set it up, spread it throughout the Registry, and make it more difficult to remove after re-booting.

    Best of luck,
    fredg
  • Feb 2, 2005, 06:24 AM
    citroes
    I have all those utilities already
    I have ad aware, spybot, hijack this, about buster and cwshredder and I've run them all. Like I said - I can clear those files off easily enough, by physically deleting them from the Windows directory and by running hijack this in Safe Mode. Yet whenever I try to use my notepad it comes back. ONLY when I use my notepad does it come back. After I've run all the utilities I've mentioned and I've deleted the files it is GONE - I run the spyware utilities again and it is CLEAR, until the next time I open the notepad.

    It's as if it has somehow hijacked the notepad and rebuilds itself when I try to use the notepad to create a txt file.
  • Feb 2, 2005, 06:56 AM
    SESaskDFC
    Howdy:

    The other expert gave good advice but they got the wrong trojan/worm..

    The removal will need to be done manually..

    http://www.qdeck.com/avcenter/venc/d...asysearch.html

    Murray
  • Feb 3, 2005, 06:16 AM
    fredg
    Trojan
    Hi, again,
    After more thorough research, what you have is called a Trojan Dropper.
    It affects Notepad!

    Here is a link to Symantec and how to get rid of it:

    http://securityresponse.symantec.com...n.dropper.html

    Best of luck,
    fredg
  • Apr 23, 2005, 04:43 PM
    razor42069
    I got the same but it's gone deeper?
    I got the same Trojan dropper but...
    I have removed the infected stuff.
    I can't get to some web pages
    like:
    http://www.symantec.com/
    or Microsoft download pages,
    and the list goes on...
    Also this thing has messed up my Norton SystemWorks file.
    I have tried to reload Norton and I just get errors?
    It seems to me that the makers of this T.D.
    have also got something else hidden in my cpu.
    Anybody got any good ideas?
    Thanks in advance
