PWSteal.Tarno.L

Viruses and worms
1

I ran NoAdware v5.0 and it found PWSteal.Tarno.L and I am thinking things that go along with it.

When I ran avast it did not show up. Any advice on how to get rid of it? I have run ad aware and it quarantined some things but the NoAdware is still showing that it is there. Am not sure what to do here so any advice would be appreciated.

thanks

2

Although, NoAdware was de-listed from Spyware Warrior, I wouldn’t use it.

I think you should try a better anti-spyware program:

SuperAntiSpyware Free
MalwareByte’s Anti-Malware
Spyware Terminator (Note: If you use this, uncheck Crawler Toolbar, add on, and ClamAV module at installation.)

3

Hi kareno,

Here is the manual removal instruction for this malware:

  1. Disable System Restore (Windows Me/XP/Vista).

See: www.pchell.com/virus/systemrestore.shtml

  1. Download MBAM from here: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

  2. Run a full system scan and delete all the files detected as Infostealer.Tarno.L.

  3. Delete the value that was added to the registry… To delete the value from the registry

Important: We strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, “How to make a backup of the Windows registry,” for instructions. See attached picture:

  1. Click Start > Run.

  2. Type regedit

    Then click OK.

  3. Navigate to the key and delete the following values:

    HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj
    HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj.1
    HKEY_CLASSES_ROOT\CLSID{FD8953C6-823F-46ab-8669-3B2BBF3A9210}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper{FD8953C6-823F-46ab-8669-3B2BBF3A9210}
    HKEY_CLASSES_ROOT\TypeLib{A17C62F9-907A-4C34-B52A-11B55D190901}
    HKEY_CLASSES_ROOT\Interface{4988321C-EEC5-4EE7-BDE5-986823C4868B}

For Windows NT/2000/XP/2003

In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. Please read the warning about editing the registry. Backup your existing registry first, see instruction below:

At the taskbar, click Start|Run. Type ‘Regedit’ and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the ‘Registry’ menu, click ‘Export Registry File’. In the ‘Export range’ panel, click ‘All’, then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
rvf
\x~v\url_mon32.exe

and delete it if it exists.

Close the registry editor.

4

ty both very much…

I ran avast, trendmicro, 3 different spywares and it didnt pick it up only the no-adware.

I did download the malware one that was suggested.

ty both so much for your input both of you it is greatly appreciated.