Yeah, I have this trojan named eapp32hst.dll. Every time I delete it, it comes back. Can you help me?
Have you tried Malwarebytes?
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest database before you scan.
Click the "Remove Selected" button to quarantine anything found.
You may post the scan log here if anything is found.
You may also run SAS.
SuperAntiSpyware 4.43.1000 http://filehippo.com/download_superantispyware/
SUPERAntiSpyware file info
EAPP32HST.DLL - Trojan.Dropper/Gen-NV
http://www.superantispyware.com/malwarefiles/EAPP32HST.DLL.html
VirusTotal - 23/43
http://www.virustotal.com/file-scan/report.html?id=ca90414cf2db537b2b8d455fe36acb0b3831be139c631efe5194c17c0a85552b-1284725333
Hi saibat3,
Eapp32hst.dll is a Trojan/Backdoor.
Kill the file eapp32hst.dll and remove eapp32hst.dll from Windows startup.
Eapp32hst.dll is registered as a Dynamic Link Library file and is a Trojan/Backdoor, commonly located among the temp files in the Windows temp folder. We suggest you remove eapp32hst.dll from your computer as soon as possible. To delete the eapp32hst.dll virus file, you need to restart your computer in safe mode and kill the file directly. Following is the full description of the file:
eapp32hst.dll sample submitted on 2010-09-22 and identified as a threat.
Alias:
Threat File: eapp32hst.dll
Submit time: 2010-09-22
Execute time: 8 min 40 sec
Level of Spread: 3
Level of Threat: 6
Type: Trojan.Win32.TDSS
Filesize: 66K Bytes
0K Bytes
15491K Bytes
Files type
eapp32hst.dll is a dynamic-link library, which acts as a shared library of functions.
MD5:6e1qPk6n7RGKtFobrLd88SsOv82lT27I
SHA1…:04Lyx6S7DaiL0gw3am4GFT0v1HP6cNEjH7M2g0bE
Path:
%Temp%\eapp32hst.dll
C:\Documents and Settings\my name\LOCALS\Temp\eapp32hst.dll …
C:\Users\Jamie\AppData\Local\Temp\eapp32hst.dll
Report Countries:
Israel
France
Antivirus Program Report:
AVG7 : Trojan-Ransom.Win32.Hexzone.tt
Can be cleansed with the use of MBAM, download from here: http://www.malwarebytes.org/mbam-download.php
MBAM will unload and delete this malware on reboot.
The log after the scan will look something like this:
Will find: Infected mem processes: 1
Mem modules infected: 1
Registerkeys infected: 0
Registervalues infected: 3
Files infected: 9
look for AppData\Local\temp\dfrgsnapnt.exe (Trojan.FakeAlert) → Unloaded process successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfrgsnapnt.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Local\temp\eapp32hst.dll (Trojan.FakeAV) → Delete on reboot.
C:\Users\Victim\AppData\Local\temp\dfrgsnapnt.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chkntfs.exe (Trojan.Dropper) → Delete on reboot.
C:\Users\Victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Local\temp~TM36F1.tmp (Trojan.Downloader) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Local\temp\tmp58C9.tmp.exe (Trojan.Agent.Gen) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Local\temp\tmpF575.tmp.exe (Trojan.Agent.Gen) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Local\temp\topwesitjh (Trojan.FakeAlert) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Roaming\apiqfw.dat (Malware.Trace) → Quarantined and deleted successfully.
That is what it should look like more or less after the MBAM scan,
polonus
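Added example, not part of the original posts and not Malwarebytes' own code: a short Python triage of result lines in the format shown in the log above. It marks which flagged items sit in autostart locations (the HKCU Run key, the Startup folder) and which are only scheduled for deletion at reboot, so those can be re-checked after restarting. The function names and the choice of sample lines are this example's own.

```python
import re

# Result lines copied from the log posted above ("Victim" is the poster's placeholder user).
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfrgsnapnt.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Local\temp\eapp32hst.dll (Trojan.FakeAV) → Delete on reboot.
C:\Users\Victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chkntfs.exe (Trojan.Dropper) → Delete on reboot.
C:\Users\Victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) → Quarantined and deleted successfully.
C:\Users\Victim\AppData\Local\temp\tmp58C9.tmp.exe (Trojan.Agent.Gen) → Quarantined and deleted successfully.
"""

# "<item> (<detection>) → <action>."  An ASCII "->" arrow is accepted as well.
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) (?:→|->) (?P<action>.+?)\.?$")

# Autostart locations that appear in the posted log (matched case-insensitively).
PERSISTENCE = (
    ("run-key", "\\currentversion\\run\\"),
    ("startup-folder", "\\start menu\\programs\\startup\\"),
)


def parse(log):
    """Return one dict per result line; lines that do not match the format are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        item = m["item"]
        entries.append({
            "item": item,
            "kind": "registry" if item.upper().startswith("HKEY_") else "file",
            "detection": m["detection"],
            "pending_reboot": m["action"].lower().startswith("delete on reboot"),
            "persistence": next((n for n, frag in PERSISTENCE if frag in item.lower()), None),
        })
    return entries


def follow_up(entries):
    """Items to re-check after the reboot: everything still pending, autostart entries first."""
    pending = [e for e in entries if e["pending_reboot"]]
    return sorted(pending, key=lambda e: e["persistence"] is None)


if __name__ == "__main__":
    for e in follow_up(parse(SAMPLE_LOG)):
        print(f'{e["kind"]:8} {e["persistence"] or "-":14} {e["detection"]:16} {e["item"]}')
```

An entry marked "Delete on reboot" is still on disk until the restart completes, so a second scan after rebooting confirms those paths are gone.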