Trojan Help

  Dirk Diggler 09:16 23 Dec 2008
Locked

Request for help please - in two parts if I may

I appear to have picked up a Trojan Horse, AVG identified it and I asked it to remove it

However, when I log on I get a pop up box stating:
=============================================
RunDLL
Error loading C\Windows\System32\ssqRLCsQ.dll
The specified module could not be found
=============================================

I am guessing that although AVG thought it had dealt with it there is a run command left in the registry

I also am now regularly getting threat alerts from AVG about TDSScrrx.dll (and other variations of)

I have also noticed the following suspicious processes running in task manager

==============
NclIVTBTSrv.exe
NclRSSrv.exe
NclUSBsrv.exe
==============

So the first question obviously is does anyone have any idea how I can remove this little bleeder altogether?

I have (through a fair bit of googling) identified what is possibly the registry key that is running on startup as:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NDrv = \ndrv.exe

When I try and go into regedit I get the message stating "Registry editing has been disabled by your administrator"

However, I am the main user of the PC (there are two other user accounts) but my account type is set to Administrator!!

So secondly, what do I need to change to allow me access to regedit

OS is Vista Home Premium

Many thanks in advance

  rdave13 09:34 23 Dec 2008

Have a read here; especially method three; click here.
I'd run mbam in safe mode to look for the trojan, click here
Clean up with Ccleaner; click here

  birdface 10:07 23 Dec 2008
  birdface 10:09 23 Dec 2008

Looks like they are all for Nokia.
NclIVTBTSrv.exe
NclRSSrv.exe
NclUSBsrv.exe

  birdface 10:13 23 Dec 2008

This looks like your first one click here. Prevx charges you for removing anything. So maybe better trying something else. Maybe run your scans in safe mode followed by C Cleaner.

  Terry Brown 10:21 23 Dec 2008

I have always found a2free click here from EMSI soft very good at removing stubborn viruses and trojans.
You can either load it to your hard drive or run from a CD (with a cd you will not be able to update the virus checker)
Terry

  Dirk Diggler 10:29 23 Dec 2008

Thanks so far everyone

I can obviously now rule out the "suspicious" processes which are related to Nokia (thanks buteman)

I have run Ccleaner and it has removed lots of temp files but didn't find anything in the registry that it thought suspicious

I also went through the list of startup programs in Ccleaner and checked them and again there was nothing there to relate to "ssqRLCsQ.dll"

One other minor annoyance is that I have noticed images & logos in IE and email are not displaying, I am just getting a white box with a tiny coloured square in the top left (possibly related??)

I did try and run TrendMicro Housecall but it would not run as it said I didn't have Java enabled (despite downloading the latest runtime environment - again.. possibly related?)

  birdface 12:00 23 Dec 2008

Not 100% sure. But right click Toolbar and make sure Links are ticked. Or while in there, go to add remove commands, and anything you want displayed move from the left box into the right box. Well that's how you do it in XP. If still having problems maybe go to Tools, Internet Options, Advanced, and press reset. That puts IE7 back to its original state. Maybe only try that as a last resort.

  Dirk Diggler 08:56 24 Dec 2008

Once again many thanks - all images are now displaying correctly

Just the C\Windows.......\ssqRLCsQ.dll to fix now and I can relax for crimbo

Cheers

  birdface 09:39 24 Dec 2008

Sorry Dirk Diggler I can't help with that one. Can't find a lot about it. Prevx is the only safe site that gives you information about it. And they want paid to remove anything. Now AVG has had a problem with false positives. So maybe try the AVG Forum for advice on that one. Not sure if you can contact them direct if using the free version.

  birdface 09:57 24 Dec 2008

Just wonder if it was a false positive and it was mistaken for this one. object name : C:\WINDOWS\system32\ssqrq.dll
Virus Name : Trojan.Vundo

This thread is now locked and can not be replied to.
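
Added example, not part of the original thread: a read-only PowerShell check for the two symptoms described in the first post. It lists startup Run entries that call rundll32 on a DLL that no longer exists (the usual source of a "RunDLL ... module could not be found" box at logon) and reports whether the per-user DisableRegistryTools policy value, which produces the "Registry editing has been disabled" message, is set. It assumes PowerShell 3.0 or later and that the leftover entry sits in a Run key; the function name is hypothetical and nothing is changed on the system.

```powershell
# Added example: read-only audit, makes no changes to the registry.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: returns one object per Run value that launches a DLL via rundll32.
function Get-RunDllStartupEntry {
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            # Matches forms like: rundll32.exe "C:\path\file.dll",EntryPoint
            if ($command -match 'rundll32(\.exe)?"?\s+"?([^",]+\.dll)') {
                $dll = [Environment]::ExpandEnvironmentVariables($Matches[2].Trim())
                [pscustomobject]@{
                    Key     = $key
                    Value   = $name
                    Dll     = $dll
                    Missing = -not (Test-Path -LiteralPath $dll)
                }
            }
        }
    }
}

# Entries whose DLL is gone are leftovers that only produce the error box.
Get-RunDllStartupEntry -KeyPath $runKeys |
    Where-Object { $_.Missing } |
    Format-Table -AutoSize

# Policy value that blocks regedit for the current user when set to 1.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -Name DisableRegistryTools -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRegistryTools) {
    "DisableRegistryTools = $($policy.DisableRegistryTools): regedit is blocked for this user"
} else {
    'DisableRegistryTools is not set for this user'
}
```

A missing-DLL entry here only explains the pop-up; the recurring AVG alerts mentioned in the thread still need a full scan.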
