Trojan.Startup.Nameshifter.GL

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

This is one mean piece of Spyware. I've googled and googled and not found
any hint of how to manually remove it. MSAS tells me that it can find it,
but it tries to remove it and by the time the PC is restarted, good old
Trojan.Startup.Nameshifter.GL has come back.

Has anyone run into this very mean piece of spyware and had a success at
getting rid of it?

Is there anything that I can do to tweak MSAS so that it stays gone?

Thanks!

-Jake
 
Hello Fadat;


Please follow the threads:


Subject: Trojan.Startup.NameShifter.d3do Trojan
From: "Medders" Sent: 9/20/2005 11:22:00 AM
General forum .


Subject: Trojan.Startup.Nameshifter.G
From: "Brock" Sent: 8/25/2005 10:23:02 AM
SIGNATURES


Subject: Trojan.Startup.NameShifter.wingu now over 1/4 of a million
signatures
From: "keim" Sent: 8/25/2005 9:23:48 AM
SIGNATURES



Good luck


Engel
 
Some help from Andy Manchesta here:

The "Nameshifter" name is just used by MS Antispy which
then gets passed on to Counterspy but the name itself
doesnt show what the infection is so it's always hard to
answer nameshifter questions, Only the MS team would know
what infection this relates to all its really saying it
that it can change its name so that could be alot of
malware (Look2me,Qoologic,Aurora,Elite,CoolWebSearch
etc..)

Here's a few options

When you say it keeps coming back, MSAS should tell you
what the filename is and where it is located, If its
in "System Volume Information" let us know as you can
just flush your system restore to remove it.

This could change it's name everytime you reboot like
Aurora's entry or it could just change its name when you
delete it like Look2me,CWS & Qoologic as there may be
another part protecting the files.


Goto Jotti's site and upload the nameshifter file to find
out what it is and what infection it is conected with

http://virusscan.jotti.org/

press browse, find the file then press "Submit"

Download Ewido and Ccleaner

Ewido

http://www.ewido.net/en/

Install ewido.
During the installation, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".
Launch ewido
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe
mode.


Ccleaner

http://www.ccleaner.com/ccdownload.asp

Download and Install


Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

Run Ewido and from the main menu choose scanner then
Complete Scan
Click the Start Scan button to start the scan.
During the scan it will prompt you to clean files, click
OK
When the scan is finished, look at the bottom of the
screen and click the Save report button.
Save the report to your desktop

Run MS Antispy in safe mode on a full system scan and
remove anything found

Finally Start Ccleaner and click "Run Cleaner" to remove
temp and unused files

Then reboot back to normal mode

Let us know if you have problems and what Jotti's site
detects if you can locate the file.

Regards

Andy
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
Back
Top