windows\system32\expsr.dll - driving me mad!!

Discussion in 'Computer Security' started by Danmurph, Nov 18, 2007.

  1. Danmurph

    Danmurph Byte Poster

    Hi everyone,

    I have this trojan on my computer windows\system32\expsr.dll, it's in my boot sector and I can't get rid of it!
    I've tried numerous pieces of software and registry cleaners and I can't get rid of it.
    I'm getting a little worried as it is starting to affect the performance of my machine. I have two partitions, one running Vista and the other XP.
    Can anyone help me? I've run out of ideas other than re-installing the operating system.

    Thanks

    Danny
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  2. greenbrucelee

    greenbrucelee Zettabyte Poster

    What virus software do you use?

    Avira AntiVir is a good one, or PCdoctor.

    You can get free trials of those.

    If nothing is working then you will have to format and reinstall everything.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. derkit

    derkit Gigabyte Poster

    Both are exe's but are useful:

    HijackThis produces a log of what is running, has been run, etc.

    This helps clear a few things up
    Combofix

    Have a look at this page: Linky and search for expsr.dll and it'll appear in the list - seems like this user had similar problems.
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  4. zebulebu

    zebulebu Terabyte Poster

    Danny

    Firstly, how do you know it's a trojan? There is a service that runs legitimately called expsrv.dll (part of the VB runtime I believe) which can cause system instability. You say it's a trojan, but don't say where you get that information from.

    Secondly, the name you've given for the trojan isn't a trojan name - it may well be that the .dll file you're referring to has been infected - but that's not the actual name of the trojan, so providing removal instructions will be impossible.

    Run a spyware scan and see what it picks up - HijackThis is a good place to start. You would probably be better off posting the log results at some of the well-known malware protection sites (they have guys who specialise in spyware removal and will respond to your request far quicker and in a more knowledgeable manner than any of us here will be able to do).

    My advice though, if you do discover the machine is compromised and not just unstable because of a misbehaving application, would just be to format & reinstall. You'll end up with far less of a headache if you do that than trying to disinfect a machine that has been compromised - it's very rare nowadays to see a machine with only one infection, especially with things like SmitFraud, CoolWebSearch & SpyAxe out there.
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Danmurph

    Danmurph Byte Poster

    trojan horse psw.generic5.vxd is the name of this trojan
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  6. Theprof

    Theprof Petabyte Poster

    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  7. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    If it is *really* a boot-sector virus then 'fixmbr' (under XP) will deal with the main part.

    However - I haven't seen a boot-sector virus for ages. Why do you think this is one?

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
