Trojan Fake Alert (sshnas.dll)

I recently updated my Adobe Flash Player, and thereafter began having problems, primarily with my Internet Explorer (which I don’t use), “fake” Trojan alerts on all firewalls and Avast, and with a Windows error to do with sshnas.dll. After some research I found out that it may be a virus that accompanies the Adobe Flash update or install file. This is the link I found: http://www.myantispyware.com/2009/12/02/how-to-remove-sshnas-dll-trojan-remove-trojan-fakealert/. It describes my problem in perfect detail, but before I continue I need to find out if this is a reliable method of removal, not another part of the Trojan infection (people tend to get very clever with Trojans) :-[

"fake" Trojan alerts on all firewalls and Avast,
all firewalls ?....... you mean that you have more than one installed, only install/run one firewall.....

Try this

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here

I just have Avast installed, and the Windows firewall that runs. Nothing else installed. Thanks though, will get right on it.

I am not sure where to add to this post. A customer called me claiming he had a virus alert. I took control of his PC, only to see what appeared to be a fake alert (similar to the fake AVG alert, but this time it was saying Avast). I quickly checked his real-time shields and nothing was showing as detected. This confirmed my belief that it was a fake alert. I closed each screen on his desktop, and immediately updated Malwarebytes and ran a full scan…

Results:

two infected files: Trojan.downloader

from log:

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\sjnlgn[1].htm (Trojan.Downloader) → Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\sjnlgn[1].htm (Trojan.Downloader) → Quarantined and deleted successfully.

Will reboot and see if removal was successful. Will follow up.

Steve

After a complete reboot and a full Malwarebytes run, the client (and I, via remote) are still seeing the false pop-up screen… very discouraging. Please help.

A full scan with Mbam will usually pick up the rogues. Check the registry under RUN for executables running on startup, usually out of temp folders. Also, try a different scanner.
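
One way to do the Run-key check suggested above, as an added example that is not part of the original thread: it lists the standard Run/RunOnce autostart values for the machine and the current user and flags commands that launch from temp folders. The function names and the folder pattern are assumptions chosen for illustration; a flagged entry is a lead to inspect, not proof of infection.

```powershell
# Added example (not from the thread): review autostart entries under the Run keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (assumption): folders that legitimate startup programs rarely run from.
$suspectPattern = '\\Temp\\|\\Temporary Internet Files\\|%TEMP%|%TMP%'

function Test-SuspectCommand {
    param([string]$Command)
    # -match is case-insensitive, so TEMP, Temp and temp are all caught.
    return $Command -match $suspectPattern
}

function Get-RunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }   # e.g. no WOW6432Node on 32-bit Windows
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw value so %TEMP%-style references are still visible,
            # then expand it so the resolved path can be checked as well.
            $raw = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            [pscustomobject]@{
                Suspect = (Test-SuspectCommand $raw) -or (Test-SuspectCommand $expanded)
                Key     = $key
                Name    = $name
                Command = $expanded
            }
        }
    }
}

# Flagged entries first; review each command line before deleting anything.
Get-RunEntry | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt to cover the HKLM keys; the HKCU keys shown are those of the account running the script.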

I have run Malwarebytes, and deleted infected files and rebooted as per malware instructions. I even ran TFT to completely delete temp files. I then ran a boot scan with Avast, and still the fake alerts seem to be popping up. Oh yeah, I even restored the computer to an earlier date when it was running correctly with System Restore. I cannot think of anything else short of a complete re-install, which on a Sony VAIO laptop without recover disks is going to be a pain in the ass. I have been a huge fan of Avast and install it on all my clients' computers; I may have to reconsider.

Steve

Note: I have heard that AVG can find and remove the fake Avast alert… is this so? Should I temporarily uninstall AVAST, install AVG and run a full scan? Do you think this might help?

You should have started a new topic and not started one inside someone else's.

If you want, you can let Essexboy have a look inside…
He will be in the forum later, about 8 pm to 11:59 pm UK time

if so, do this

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach (OTL.Txt / Extras.Txt)

I apologize, Pondus, for starting this post in the wrong place… I will go to virus and worms "new topic", correct? And re-post there.

Thank you

Steve

sshnas21.dll belongs to a frequently updated rogue family (previous variants were detected as MalOb-BR and MalOb-BX)… recent versions are detected as Renosa-A and MalOb-EA… these detections are constantly fine-tuned to cover new variants… you’ve probably had bad luck when facing a new/updated variant before it was covered… this may happen sometimes… I seriously suspect the Flash Player update - it was probably a fake update, which is one of the common ways to spread rogues…