locked
TrojanDownloader:Win32/Renos.AS RRS feed

  • Question

  • How can you remove this virus?  We've ran the Windows Live Onecare but it continues to come up.  On our desktop it's replaced our wallpaper with a message that we need to install an antivirus or spyware remover to clean your computer.

    Thursday, August 28, 2008 2:52 AM

Answers

All replies

  • If One Care cannot remove the malware please contact support for help with removal. How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    Thursday, August 28, 2008 3:49 AM
    Moderator
  • Did you get help with this?  I have the same problem, started on 8/25, there's files in my system32 folder that do not belong there and act like a virus (changes name, sometimes 2 files instead of 1).  There's also a BMP file that ends up being the banner you're describing, I can delete the bmp file but not the other suspect file (lphcgs3j0et1g).  Access denied.  I managed to delete all suspect files a couple of days ago and the banner went away but having network issues so (stupidly) did a restore and the files are back.  The lph file kept trying to access the internet, went into the firewall and blocked access on it. Have requested one care support.
    Monday, September 1, 2008 6:12 PM
  • I downloaded a process monitor and discovered that lsass was executing a dll called hklmcrc.dll.
    I had to boot the station from the techiez tool kit to remove the file.
    I also removed the registry entry under HKLM\Software\Microsoft\WindowsNT\winlogin\notify

    The virus quit mysteriously popping up over and over again.
    Tuesday, September 9, 2008 5:24 AM
  •  Sandra T wrote:

    How can you remove this virus?  We've ran the Windows Live Onecare but it continues to come up.  On our desktop it's replaced our wallpaper with a message that we need to install an antivirus or spyware remover to clean your computer.

    sandra i have the same problem but i still can't figure it out. If you did fix please let me know how.
    Wednesday, October 1, 2008 3:33 AM
  •  

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If  you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: 

    http://aumha.net/ For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.

     

    Wednesday, October 1, 2008 1:55 PM
    Moderator
  •  

    I got on the phone with One Care and it seems to be fixed.
    Friday, November 21, 2008 12:02 AM