The trojan was found by the AVG virus scanner. Actually, two trojans were found: PSW.Generic.BWM and PSW.Generic.DAP. I searched for them on Google and found nothing related. The infected files are "WINDOWS\SYSTEM32\msd.dll" and "WINDOWS\SYSTEM32\roddll.dll".
For the filename "roddll.dll", I found some information on the Web. There is a trojan named "Troj/Ragrok-A". This trojan creates "WINDOWS\rundll132.exe" and the "roddll.dll" file. It also creates a registry entry under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to execute "rundll132.exe". So it is not difficult to remove.
For "msd.dll", there is not much information to be found. Anyway, I inspected HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run in the registry and found a suspect entry: "WINDOWS\system\rundll32.exe". I searched Google for the keywords "rundll32.exe" and "trojan", and found that the rundll32.exe file is located in the c:\windows\System32 folder. In other cases, rundll32.exe is a virus, spyware, trojan or worm! Then I removed the entry from the registry, removed "rundll32.exe" in "WINDOWS\SYSTEM", as well as "msd.dll", and rebooted. Everything works fine! The AVG scanner doesn't find any trojan.
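
The two Run-key checks described above (a rundll32.exe outside System32, and a look-alike name such as rundll132.exe) can be automated. The following is an added example, not part of the original post; the value names, the C: drive letter and the sample entries are constructed, and the edit-distance threshold of 2 is an assumption.

```python
import ntpath

# Assumption: the only legitimate location checked here is System32, as the post notes.
EXPECTED_DIRS = {"rundll32.exe": {r"c:\windows\system32"}}

def exe_path(command):
    """Extract the executable path from a Run-value command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted value: keep everything up to and including the first ".exe".
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def edit_distance(a, b):
    """Levenshtein distance, used to catch names like rundll132.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_run_entries(entries):
    """Return (value name, reason, normalized path) for each suspicious entry."""
    findings = []
    for name, command in entries.items():
        path = ntpath.normpath(exe_path(command)).lower()
        folder, base = ntpath.split(path)
        for good, dirs in EXPECTED_DIRS.items():
            if base == good and folder not in dirs:
                findings.append((name, "wrong-directory", path))
            elif base != good and edit_distance(base, good) <= 2:
                findings.append((name, "look-alike-name", path))
    return findings

# Constructed sample of Run-key values (names and first two entries are illustrative).
SAMPLE_RUN_KEY = {
    "AVG": r'"C:\Program Files\AVG\avgtray.exe"',
    "Helper": r"C:\WINDOWS\system32\rundll32.exe shell32.dll,Control_RunDLL",
    "msd": r"C:\WINDOWS\system\rundll32.exe",
    "rod": r"C:\WINDOWS\rundll132.exe",
}

if __name__ == "__main__":
    for finding in audit_run_entries(SAMPLE_RUN_KEY):
        print(finding)
```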