LSA Shell & Infected, embedded Trojan horse Dropper.Agent.6.W

From: Barbara Z (BarbaraZ_at_discussions.microsoft.com)
Date: 06/08/05 

Date: Wed, 8 Jun 2005 11:11:05 -0700

I am trying to clean up a lady's computer - I've gone through a whole bunch
of tests: online scans, Sysclean, AVG, AdAware, SpyBot, etc. Gotten rid of
most infected files, but AVG still shows one that I'm not sure how to get rid
of.
On the report, it says that it is an Infected, embedded object. It is a
Trojan horse Dropper.Agent.6.W and is found in file:
C:\WINDOWS\system32\config\systemprofile\LocalSettings\TemporaryInternetFiles\Content.IE5\8D69EN49\flew[1].exe:\dreese.exe.
 Help! I've tried looking on AVG virus search, on Google etc. Can't seem to
find out how to get rid of it. I tried Disk Cleanup and downloaded the
CleanUp!4.0 program to get rid of Temp.Int.Files, but it still shows up in
AVG test report.

Also, occassionally, an error message shows up. I was not sure if it was
from a virus, so I've been concentrating on cleaning up the infections. The
box will pop up: LSA Shell (Export Version) as a title and will say that the
lsass.exe was terminated unexpectedly. Shortly after that, the System
Shutdown box will pop up and give me about a minute before shutting down. It
says, along with closing and saving any open files, etc, authorized by NT
AUTHORITY\SYSTEM. Is this due to viruses, or is there more of a problem with
Windows XP?? I'm pretty sure this is only happening when I'm trying to
download stuff. I have not had a chance to do any Windows Updates yet on
this computer.
I would like to return this computer to this lady uninfected, so any ideas
are greatly appreciated.

Running SpyBot, I get "Error during check" notice and underneath - Xuron55
... WINDOWS\win.ini kann nicht geoffnet werden but when I hit Fix Selected
Problems, that ends up with a big green check, also. Any ideas?? 

-- 
Barb Zakrzewski

Relevant Pages

  • RE: LSA Shell & Infected, embedded Trojan horse Dropper.Agent.6.W
    ... but there's some talk about the Trojan on another site. ... but AVG still shows one that I'm not sure how to get rid ... so I've been concentrating on cleaning up the infections. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: OT-Malware/Virus-What to do
    ... that gets rid of some stuff but not permanently. ... I just rid my 2 computers of AVG 8.0. ... Avira and both computers are much happier. ... router firewall, ...
    (rec.music.makers.guitar.jazz)
  • Re: Help undoing virus damage
    ... I was able to get rid of it pretty quickly with AVG, ... that whenever you open an .exe program on your computer it will open ... "Don't pick a fight with an old man. ...
    (microsoft.public.windows.vista.general)
  • Re: Google Bug ?
    ... Scanned with Registry Mechanic, got rid of a couple of items, and found one ... of the files I get a reading error with when AVG scans. ... > Your problem is the Xoftspy application, that program is known to delete ...
    (microsoft.public.windowsxp.help_and_support)
  • Stupid, know nothing, should stick to watching football, begginer
    ... Dyfica AO and to do AVG for windows. ... I know I have a trojan horse because:- ... me that I could not get rid of these "things" because ...
    (microsoft.public.scripting.virus.discussion)