Trojan in cscu.dll - delete file

Computing.Net > Forums > Security and Virus > Trojan in cscu.dll - delete file

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Trojan in cscu.dll - delete file

Name: zalwa
Date: December 31, 2007 at 11:28:48 Pacific
OS: XP
CPU/Ram: Core2Duo

Comment:

I've got a Trojan in my Computer I cannot get rid of: Trojan PSW.Generic5.UWD in cscu.dll file. I've been trying to remove it with several software witout any result included Spybot and ad-aware. Since I know which file that contains the trojan it should be enough deleting the file. However I cannot delete the file (Error: file cannot be deleted, running or pretected) so the question is: Is there is a way I can delete the file. Thank you.

Sponsored Link

Ads by Google

Response Number 1

Name: XpUser4Real
Date: December 31, 2007 at 11:37:21 Pacific

Reply:

There are some good progs to delete the file:
Move on boot
Dr Delete
Unlocker
You'll have to google for those.
Probably Dr Delete will be the best to work for you and they are all free progs.
Good Luck
Some HELP in posting on Cnet plus free progs and instructions Glad to Help!

Response Number 2

Name: jabuck
Date: December 31, 2007 at 11:55:22 Pacific

Reply:

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Response Number 3

Name: zalwa
Date: January 1, 2008 at 03:36:44 Pacific

Reply:

Thanks so far, my Hijakt This log looks like this:
--------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:50, on 2008-01-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Internet\Avast\aswUpdSv.exe
C:\Internet\Avast\ashServ.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Internet\ZoneAlarm\zlclient.exe
C:\Programs\Babylon\Babylon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Internet\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Wintools\WppMaster\Wallpaper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Internet\Avast\ashMaiSv.exe
C:\Internet\Avast\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\WINDOWS\explorer.exe
D:\Dld\HijackThis202.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/advanced_image...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13B86641-1E9C-4C02-9AB6-3DE5C8C54077} - C:\WINDOWS\system32\cscu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Internet\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Programz\Systran\IEPlugIn.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Audio\TextAloud\TAForIE.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [KelsPakSoft] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Internet\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Programs\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Programz\Systran\RegistryController.exe"
O4 - HKLM\..\Run: [avast!] C:\Internet\Avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WallpaperChanger] C:\Wintools\WppMaster\Wallpaper.exe
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [addon_ql] C:\WINDOWS\system32\dgfix.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Internet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Internet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Internet\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programz\OfficeXp\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Programz\Systran\IEShellExt.dll /10
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Internet\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Internet\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Internet\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Internet\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Internet\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
--
End of file - 6542 bytes
---------------------------
What can I do now?

Response Number 4

Name: zalwa
Date: January 1, 2008 at 04:48:20 Pacific

Reply:

I have been trying to delete the file with all 3 programs, (even in Unsafe mode) but NO RESULTS! - the file can't be deleted!

Response Number 5

Name: jabuck
Date: January 1, 2008 at 07:11:37 Pacific

Reply:

Please download SmitFraudFix from this link:
SmitfraudFix
Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

bash unexpected end of file syntax error: unexpected end of file pmls file	schedule file move vsutil.dll zonealarm trojan in system32
See More

Sponsored Link

Ads by Google

trojen horse.generic6.abb...

Unable to forward Email A...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Trojan in cscu.dll - delete file

A trojan in an .exe file

Summary

www.computing.net/answers/security/a-trojan-in-an-exe-file/22146.html

Yet another trojan in sys_ext. dll

Summary

www.computing.net/answers/security/yet-another-trojan-in-sysext-dll/9615.html

trojan in browsela.dll won't delete

Summary

www.computing.net/answers/security/trojan-in-browseladll-wont-delete/17382.html

From the Geek Dictionary
CPU - Acronym for Central Processing Unit. This is the term most commonly associ...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 7 Days.
Discuss in The Lounge
Poll History

Recent Posts
winamp is working but no sound...

internet exlore 8

Please help, PC shuts off after 2 seconds

DVD ROM door is not getting closed first time

How to spend less money buy good battery

All Awaiting Reply

Tom's News
Man Pleads Guilty Selling Fake Chips to Navy

Threatening Rap on YouTube Lands Two in Jail

New Final Fantasy XIII Trailer is 5 Minutes Long

Guy Quits Job With Error Message

Verizon Takes on Sprint's 3G Network (And Wins)

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE