jeffa
Cadet
Joined: May 30, 2004
Posts: 5
Location: USA
Posted: Sun May 30, 2004 11:53 am Post subject: download trojan lsd_f3.dll
Hello,
My computer (Windows 2000) has been infected with the download trojan lsd_f3.dll.
I have done virus scans in both regular and safe mode and have been unable to quarantine or delete the virus. I have also tried to delete it manually in both modes but have been unsuccessful.
Another issue I am having which may or may not be related is that I am constantly being asked via a popup if "If would like to install programs like activex and its components".
Please advise if you can assist me.
Thanks
My HijackThis log is as follows:
Logfile of HijackThis v1.97.7
Scan saved at 11:46:26 AM, on 5/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINNT\mstaskss.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: AIM (HKLM)
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...6431365741
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu...eRdxIE.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab

CalamityJane
Security Expert
Premium Member
Joined: Oct 05, 2002
Posts: 2327
Location: Central Florida, USA
Posted: Tue Jun 01, 2004 12:05 pm
Hi jeffa
Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use C:\Program Files\HijackThis but feel free to use any name or folder you like. Unzip HijackThis again and save the contents (Hijackthis.exe) to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if needed.
Next, please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINNT\mstaskss.exe
...........................
Reboot your PC and delete the following files or folders named in bold
C:\Program Files\Windows Media Player\wmplayer.exe (file)
C:\Program Files\AutoUpdate (folder)
C:\WINNT\mstaskss.exe (file)
Uninstall Windows Media Player, and download and install a fresh copy
http://www.microsoft.com/windows/windowsmedia/default.aspx
..............................
Make sure your NAV has the latest updates and do a full system scan - let it delete or quarantine any infected files.
I recommend also an online AV scan just to get a second opinion:
Panda's Active Scan
http://www.pandasoftware.com/activescan...ncipal.htm
Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com
RAV Antivirus Online Scan
http://www.ravantivirus.com/scan/
eTrust AV web scanner (Computer Associates)
http://www3.ca.com/virusinfo/virusscan.aspx
About your popups - I think your ActiveX settings are warning you that something is trying to download on you. You should say *no* unless you are on a trusted site and purposefully do need a download of something.
Here is a great tool for checking your PC and browser for security and will suggest what settings to use for optimum safety.
Get the free tool, Microsoft Baseline Security Analyzer (MBSA) to analyze your PC security for prevention purposes.
MBSA Version 1.2 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/securi...ahome.mspx
_________________
Microsoft MVP 2003/2004
Windows - Security

jeffa
Cadet
Joined: May 30, 2004
Posts: 5
Location: USA
Posted: Wed Jun 02, 2004 12:02 am
hello, thanks very much for your help.
I followed the procedure but the trojan did not leave and is still here.
I ran another HijackThis and the following is the log - thanks for your help
jeff
Logfile of HijackThis v1.97.7
Scan saved at 12:01:07 AM, on 6/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijack this\HijackThis.exe
C:\Program Files\hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunOnce: [Udf.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINNT\inf\unregmp2.exe /FixUps
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: AIM (HKLM)
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...6431365741
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu...eRdxIE.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab

CalamityJane
Security Expert
Premium Member
Joined: Oct 05, 2002
Posts: 2327
Location: Central Florida, USA
Posted: Wed Jun 02, 2004 9:12 am
Hi Jeff,
Your log looks good.
Could you please tell me what is the file name and exact location (full path) where this trojan is being detected?
_________________
Microsoft MVP 2003/2004
Windows - Security
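
An added example, not part of the original thread: comparing the two HijackThis logs jeffa posted is how a helper confirms that the entries marked for *fix checked* are really gone and sees what else changed between scans. The Python sketch below runs that comparison over excerpts of those two logs; the function names are this example's own.

```python
import re

# A HijackThis result line is "<code> - <details>", e.g. "O4 - HKLM\..\Run: [x] y".
# Header and running-process lines do not match and are skipped.
# A trailing " |" (forum copy/paste residue) is dropped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*\|?\s*$")

def parse_entries(log_text):
    """Map (code, lower-cased details) -> original line text."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.group("code"), m.group("body")
            # Windows paths are case-insensitive, so compare on lower case.
            entries[(code, body.lower())] = f"{code} - {body}"
    return entries

def diff_logs(before, after):
    """Return (removed, added) result lines between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added

def still_present(fix_list, after):
    """Entries the helper asked to fix that the later scan still shows."""
    wanted, found = parse_entries(fix_list), parse_entries(after)
    return sorted(found[k] for k in wanted.keys() & found.keys())

# Excerpts from the two logs posted in this thread (May 30 and June 2).
BEFORE = r"""
Logfile of HijackThis v1.97.7
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINNT\mstaskss.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
"""
AFTER = r"""
Logfile of HijackThis v1.97.7
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINNT\inf\unregmp2.exe /FixUps
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""
# The four items listed for "fix checked" in the June 1 reply.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINNT\mstaskss.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first scan:", *removed, sep="\n  ")
    print("New since first scan:", *added, sep="\n  ")
    print("Fix-list items still present:", still_present(FIX_LIST, AFTER) or "none")
```

Neither log lists lsd_f3.dll, so an empty still-present result only confirms that the startup entries are gone, not that the file NAV reports has been removed.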

jeffa
Cadet
Joined: May 30, 2004
Posts: 5
Location: USA
Posted: Wed Jun 02, 2004 3:10 pm
hi, this is what the NAV warning says
object name : C:\WINNT\system32\lsd_f3.dll
Virus Name :Download. Trojan
Action Taken: unable to repair this file/unable to access this file.
Panda turned up nothing when I ran it
Thanks Jeffa

allosaur176
Cadet
Joined: Jun 02, 2004
Posts: 6
Location: USA
Posted: Wed Jun 02, 2004 6:57 pm
Hello, I'm new here too, but I am brought here for the same reason as Jeffa... No matter what I try, I can't seem to get rid of this virus...
I tried downloading different programs from this site, and every one cannot be opened cause it is either corrupted or not a valid program.. Is that because of the virus??
Also, not sure if it's related or not, but every time I try to update my website, or try to pay through PayPal, I get bumped offline... I never had that problem until this virus showed up... Any thoughts??

CalamityJane
Security Expert
Premium Member
Joined: Oct 05, 2002
Posts: 2327
Location: Central Florida, USA
Posted: Wed Jun 02, 2004 7:56 pm
Jeffa and allosaur,
I have sent you each a private message (check your message box at the top of the forum). Please check that and send the requested file to my private email address. I would like to get each of your samples analyzed to be sure of what we are dealing with here. Do that first.
Then, check the removal instructions here:
http://securityresponse.symantec.com/av...opdis.html
I would suggest you print out the instructions since some of it needs to be done in safe mode where you cannot get online. Make sure you keep all browsers closed when following the steps. Let me know if you find the registry values listed (or not).
allosaur, what is your operating system?
You might also look at the link above to see if you have any of those entries listed in your registry. If so, go ahead and follow the removal instructions. If not, let me know back here, ok?
_________________
Microsoft MVP 2003/2004
Windows - Security

exerguy
Cadet
Joined: Jun 02, 2004
Posts: 3
Location: USA
Posted: Thu Jun 03, 2004 8:58 pm Post subject: lsd_f3.dll download.trojan
Hi: I have the same Trojan infection as Jeffa and Allosaur. I'm running Windows 2000. Any help you can give me would be greatly appreciated. Here's my HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 7:50:25 PM, on 6/3/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\wtsit.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
C:\PROGRA~1\AT&T\WNCLIENT\PROGRAMS\WNCSMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\dllcache\IExplore.exe
C:\Program Files\Microsoft Baseline Security Analyzer\mbsa.exe
C:\WINNT\system32\dllcache\IExplore.exe
C:\Documents and Settings\Carrie\Application Data\erar.exe
C:\WINNT\system32\dllcache\IExplore.exe
C:\WINNT\system32\dllcache\IExplore.exe
C:\Documents and Settings\Carrie\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westsuburbanbank.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m...earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/m...earch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1029
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINNT\system32\adsubtb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Update] C:\WINNT\mstaskss.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ist service uninstall] C:\WINNT\msstasks.exe /u
O4 - HKCU\..\Run: [WAPI] C:\WINNT\system32\wtsit.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Euoe] C:\Documents and Settings\Carrie\Application Data\erar.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: Digital Patrol Update.lnk = C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AnyWho (HKLM)
O12 - Plugin for .flc: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc.../swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar...vSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/...mv9VCM.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...7740972222
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D2FBCF6-CF4B-4FD0-948F-65DB480595CA}: NameServer = 204.127.129.1 12.102.244.1

jeffa
Cadet
Joined: May 30, 2004
Posts: 5
Location: USA
Posted: Thu Jun 03, 2004 9:02 pm
Hi again, I could not attach the file and e-mail it to you no matter which way I tried.
I followed the Symantec instructions but I had none of those files in my registry.
This thing is starting to become quite annoying lol
jeffa

matheus
Cadet
Joined: May 27, 2004
Posts: 7
Location: Brazil
Posted: Fri Jun 04, 2004 2:18 pm
Hey, I got the same problem, I can't get rid of lsd_f3.dll, Symantec removal procedures didn't work either
I appreciate any help, thanks

CalamityJane
Security Expert
Premium Member
Joined: Oct 05, 2002
Posts: 2327
Location: Central Florida, USA
Posted: Fri Jun 04, 2004 7:19 pm
Ok gang, if anyone can get this file into a zip file and email to me at:
Edit: Got it! Thanks to whomever sent the rar file. Now removing my email address
lsd_f3.dll <--- put in a zip and email to me
I'll try to get answers
If you know how to password protect it - you can get it past the email filters, but tell me the password in your message and don't forget to include the URL to this thread (or just name the file lsd_f3.dll.zip) so I can connect the file to this thread and follow up.
_________________
Microsoft MVP 2003/2004
Windows - Security
Last edited by CalamityJane on Sat Jun 05, 2004 7:43 am, edited 1 time in total

exerguy
Cadet
Joined: Jun 02, 2004
Posts: 3
Location: USA
Posted: Fri Jun 04, 2004 9:20 pm
Well, I don't know how it went for the rest of you, but Zip wouldn't take the file. Here's the message it gave me:
Action: Add (and replace) files
Include subfolders: no
Save full path: yes
Include system and hidden files: yes
Adding WINNT/system32/lsd_f3.dll
Warning: could not open for reading: C:/WINNT/system32/lsd_f3.dll
copying Zip file
Any way to get around that? Thanks again.

allosaur176
Cadet
Joined: Jun 02, 2004
Posts: 6
Location: USA
Posted: Fri Jun 04, 2004 10:54 pm
Yeah, no matter what I try to do, it will not zip, move or delete.. It's getting frustrating now

jeffa
Cadet
Joined: May 30, 2004
Posts: 5
Location: USA
Posted: Sat Jun 05, 2004 12:29 am
Well.... it's gone, I didn't get rid of it myself but the person who did booted up in safe mode, then went into the properties of the file, went to security tab, went to "advanced" and messed around with it and they were able to dump it in the trash and delete it.
That's all I can tell you
good luck

allosaur176
Cadet
Joined: Jun 02, 2004
Posts: 6
Location: USA
Posted: Sat Jun 05, 2004 1:27 am
Do you think you could find out exactly what the person did to the file??