<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Dangerous Trojan Removal Guide</title>
	<atom:link href="https://spyware-techie.com/dangerous-trojan-removal-guide/feed" rel="self" type="application/rss+xml" />
	<link>https://spyware-techie.com/dangerous-trojan-removal-guide</link>
	<description>A techie’s take on Spyware.</description>
	<lastBuildDate>Mon, 14 Oct 2024 08:58:00 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5</generator>
	<item>
		<title>By: Cordzill</title>
		<link>https://spyware-techie.com/dangerous-trojan-removal-guide#comment-6039</link>
		<dc:creator>Cordzill</dc:creator>
		<pubDate>Thu, 12 Jun 2008 12:37:21 +0000</pubDate>
		<guid isPermaLink="false">http://www.spyware-techie.com/dangerous-trojan-removal-guide/#comment-6039</guid>
		<description><![CDATA[Hey, 

So I had a very similar thing occur to me over the last few days, and have finally gotten rid of it. Assumably the above works fine (from the comments posted) but for those who were in my shoes, with lovely &quot;dangerous trojan&quot; messages trying to download IEAV.exe (or something around those lines), here is what I did:

1. Tracked events in Windows Defender (of all things) and found the following:

---------------------------

Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{50AB4474-F8B5-4F66-BAC5-4251E765B827}

regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50AB4474-F8B5-4F66-BAC5-4251E765B827}

regkey:
HKLM\SOFTWARE\CLASSES\TYPELIB\{6549E485-C533-4E58-BA92-9FBCD2F6E839}\1.0

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{50AB4474-F8B5-4F66-BAC5-4251E765B827}

bho:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50AB4474-F8B5-4F66-BAC5-4251E765B827}

typelibversion:
HKLM\SOFTWARE\CLASSES\TYPELIB\{6549E485-C533-4E58-BA92-9FBCD2F6E839}\1.0

file:
C:\WINDOWS\tupost32.dll

--------------------------------------

2. Now I am not sure if the registry info here is common for all cases, but I proceeded to open RegEdit (Start Menu --&gt; Run --&gt; Regedit)

3. Find the keys above in the registry (HKLM = HKey_Local_Machine) and delete them.

4. Tupost32.dll is still in my Windows folder at this stage as I am unsure of its function, however the popup warning messages have stopped.

This was done after numerous software scans which didn&#039;t seem to solve the problem.

I hope this helps some people and makes a bit of sense. I am by no means a computer whiz, so am unaware if I have done the &#039;right&#039; thing, but have undoubtedly managed to solve the problem at hand.]]></description>
		<content:encoded><![CDATA[<p>Hey, </p>
<p>So I had a very similar thing occur to me over the last few days, and have finally gotten rid of it. Assumably the above works fine (from the comments posted) but for those who were in my shoes, with lovely "dangerous trojan" messages trying to download IEAV.exe (or something around those lines), here is what I did:</p>
<p>1. Tracked events in Windows Defender (of all things) and found the following:</p>
<p>---------------------------</p>
<p>Description:<br />
This program has potentially unwanted behavior.</p>
<p>Advice:<br />
Permit this detected item only if you trust the program or the software publisher.</p>
<p>Resources:<br />
clsid:<br />
HKLM\SOFTWARE\CLASSES\CLSID\{50AB4474-F8B5-4F66-BAC5-4251E765B827}</p>
<p>regkey:<br />
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50AB4474-F8B5-4F66-BAC5-4251E765B827}</p>
<p>regkey:<br />
HKLM\SOFTWARE\CLASSES\TYPELIB\{6549E485-C533-4E58-BA92-9FBCD2F6E839}\1.0</p>
<p>regkey:<br />
HKLM\SOFTWARE\CLASSES\CLSID\{50AB4474-F8B5-4F66-BAC5-4251E765B827}</p>
<p>bho:<br />
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50AB4474-F8B5-4F66-BAC5-4251E765B827}</p>
<p>typelibversion:<br />
HKLM\SOFTWARE\CLASSES\TYPELIB\{6549E485-C533-4E58-BA92-9FBCD2F6E839}\1.0</p>
<p>file:<br />
C:\WINDOWS\tupost32.dll</p>
<p>--------------------------------------</p>
<p>2. Now I am not sure if the registry info here is common for all cases, but I proceeded to open RegEdit (Start Menu --&gt; Run --&gt; Regedit)</p>
<p>3. Find the keys above in the registry (HKLM = HKey_Local_Machine) and delete them.</p>
<p>4. Tupost32.dll is still in my Windows folder at this stage as I am unsure of its function, however the popup warning messages have stopped.</p>
<p>This was done after numerous software scans which didn't seem to solve the problem.</p>
<p>I hope this helps some people and makes a bit of sense. I am by no means a computer whiz, so am unaware if I have done the 'right' thing, but have undoubtedly managed to solve the problem at hand.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: cez</title>
		<link>https://spyware-techie.com/dangerous-trojan-removal-guide#comment-3469</link>
		<dc:creator>cez</dc:creator>
		<pubDate>Sun, 13 Apr 2008 21:32:24 +0000</pubDate>
		<guid isPermaLink="false">http://www.spyware-techie.com/dangerous-trojan-removal-guide/#comment-3469</guid>
		<description><![CDATA[Thank you.

I didn&#039;t have safe search on in Google. Clicked something by accident, ended up on that icky site and was infected. Bing Bang Boom! Sheesh. First one in almost three years!

The removal tool worked like a charm!

A note to those looking for help via Google: even though the trojan hijacks the hyperlink, you can still cut and paste the URL from the listing.

cez]]></description>
		<content:encoded><![CDATA[<p>Thank you.</p>
<p>I didn't have safe search on in Google. Clicked something by accident, ended up on that icky site and was infected. Bing Bang Boom! Sheesh. First one in almost three years!</p>
<p>The removal tool worked like a charm!</p>
<p>A note to those looking for help via Google: even though the trojan hijacks the hyperlink, you can still cut and paste the URL from the listing.</p>
<p>cez</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Sridhar</title>
		<link>https://spyware-techie.com/dangerous-trojan-removal-guide#comment-3446</link>
		<dc:creator>Sridhar</dc:creator>
		<pubDate>Sun, 13 Apr 2008 06:31:28 +0000</pubDate>
		<guid isPermaLink="false">http://www.spyware-techie.com/dangerous-trojan-removal-guide/#comment-3446</guid>
		<description><![CDATA[Great job done. It worked.]]></description>
		<content:encoded><![CDATA[<p>Great job done. It worked.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
