
windows\system32\expsr.dll - driving me mad!!

Discussion in 'Computer Security' started by Danmurph, Nov 18, 2007.

  1. Danmurph

    Danmurph Byte Poster

    Hi everyone,

    I have this trojan on my computer windows\system32\expsr.dll, it's in my boot sector and I can't get rid of it!
    I've tried numerous pieces of software and registry cleaners and I can't get rid of it.
    I'm getting a little worried as it is starting to affect the performance of my machine. I have two partitions, one running Vista and the other XP.
    Can anyone help me? I've run out of ideas other than re-installing the operating system.

    Thanks

    Danny
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  2. greenbrucelee

    greenbrucelee Zettabyte Poster

    What virus software do you use?

    Avira AntiVir is a good one or PCdoctor.

    You can get free trials of those.

    If nothing is working then you will have to format and reinstall everything.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. derkit

    derkit Gigabyte Poster

    Both are exe's but are useful:

    HijackThis produces a log of what is running, been run etc.

    This helps clear a few things up
    Combofix

    Have a look at this page: Linky and search for expsr.dll and it'll appear in the list - seems like this user had similar problems.
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  4. zebulebu

    zebulebu Terabyte Poster

    Danny

    Firstly, how do you know it's a trojan? There is a service that runs legitimately called expsrv.dll (part of the VB runtime I believe) which can cause system instability. You say it's a trojan, but don't say where you get that information from.

    Secondly, the name you've given for the trojan isn't a trojan name - it may well be that the .dll file you're referring to has been infected - but that's not the actual name of the trojan, so providing removal instructions will be impossible.

    Run a spyware scan and see what it picks up - HijackThis is a good place to start. You would probably be better off posting the log results at some of the well-known malware protection sites (they have guys who specialise in spyware removal and will respond to your request far quicker and in a more knowledgeable manner than any of us here will be able to do).

    My advice though, if you do discover the machine is compromised and not just unstable because of a misbehaving application, would just be to format & reinstall. You'll end up with far less of a headache if you do that than trying to disinfect a machine that has been compromised - it's very rare nowadays to see a machine with only one infection, especially with things like SmitFraud, CoolWebSearch & SpyAxe out there.
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Danmurph

    Danmurph Byte Poster

    trojan horse psw.generic5.vxd is the name of this trojan
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  6. Theprof

    Theprof Petabyte Poster Forum Leader

    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  7. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    If it is *really* a boot-sector virus then 'fixmbr' (under XP) will deal with the main part.

    However - I haven't seen a boot-sector virus for ages. Why do you think this is one?

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
