Can't get rid of ssttr.dll
c_dewitt
New Member


Date Joined May 2006
Total Posts : 2
 
Posted 5-14-2006 5:04 (GMT +1)
I've been working on a friend's machine and I've cleaned out most of what's there, but ssttr.dll is still running in it and I can't get rid of it.  I followed the instructions you left in http://www.bullguard.com/forum/10/Cant-Delete-or-quarantine_21092.html on using VundoFix.exe, but it didn't touch it, and it seems VundoFix.exe works differently than in that posting.  The F6 key just terminated the batch file.
 
Here's the Hijackthis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 9:19:08 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\JOEL HUTCHINS\Desktop\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webroot.com/disp0201.php?pc=64002&rc=1&ps=T&oc=11&mjv=4&mnv=0&bld=405&cd=&dcc=&drc=&mo=&sid=1806143827&lang=en&loc=USA&rsc=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\system32\ssttr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Any thoughts?
 
Thanks,
 
c_dewitt
 

Andrei A.
BullGuard Admin




Date Joined Dec 2005
Total Posts : 53
 
Posted 5-14-2006 6:05 (GMT +1)
Hi Dewitt,
 
Except for the .dll file you mentioned, your log looks rather clean. Here is what I recommend you do in order to get rid of that last pest:

1. Start your computer in Safe Mode - http://www.computerhope.com/issues/chsafe.htm.
2. Run HijackThis! again, then check and fix the following entries:

O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\system32\ssttr.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll

3. Close HijackThis!, go to Start > Run and type cmd in the dialog that appears. Press [Enter].
4. Type this command in the command prompt window that appears:

   regsvr32 /u C:\WINDOWS\system32\ssttr.dll

5. Press [Enter] again and then type this line:

   del C:\WINDOWS\system32\ssttr.dll

6. Press [Enter], and close the command prompt window by typing exit.
7. Reboot your PC in Normal Mode, run another scan with HijackThis! and post the fresh log on this thread. Please mention how your PC is doing otherwise.

Looking forward to seeing how this goes. Rest assured that there are other methods we can try in case this one fails.


Cheers,
 
Andrei A.


rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1534
 
Posted 5-14-2006 12:59 (GMT +1)
Hi,
This is the new fix for vundo.
 
Please download VundoFix.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Put a check next to "Run VundoFix as a task".
You will receive a message saying vundofix will close and re-open in a minute or less.
Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.


Check out Tony Klein's article "How Did I Get Infected in the First Place?"
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
 
Site's Spam Filter stops simultaneous posts, anyone still waiting for reply may post at "Winguides" and pm me the link to your topic.
http://www.winguides.com/forums/
 
 


c_dewitt
New Member


Date Joined May 2006
Total Posts : 2
 
Posted 5-15-2006 3:53 (GMT +1)
Andrei A.

I ran HijackThis! in safe mode and checked the ssttr.dll entries, unregistered it but when I tried to delete the file I got a message saying it was in use by some other process and could not be accessed. After rebooting it was still there.

rpggamergirl

I downloaded the new copy of VundoFix, copied it to the affected machine and tried to run it in safe mode, but it wouldn't run as a task. I could get it to scan and find several files, but it apparently wouldn't delete them. I rebooted in full mode and ran it again. This time it worked as advertised and I think it's licked. Now I need to get it back on the network, do the updates, then convince this kid not to go to those places again.

Thanks for all your help!

C. DeWitt
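
The two entries singled out in this thread point at the same DLL from two different autostart sections: O2 (BHO) and O20 (Winlogon Notify, a notification package that winlogon.exe loads). As an added example, not part of any post and not HijackThis code, the Python parser below reads the HijackThis v1.99.1 line format shown in the log above and reports every file registered under more than one O-section; the sample lines are copied from the posted log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Subset of the log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\system32\ssttr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

# Section labels exactly as they appear in the log lines themselves.
SECTIONS = {"O2": "BHO", "O3": "Toolbar", "O4": "Run",
            "O20": "Winlogon Notify", "O23": "Service"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# A path runs from the drive letter to the first .dll/.exe that is followed
# by whitespace, a closing quote, or the end of the entry (arguments dropped).
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:dll|exe))(?=[\s"]|$)', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section_code, lower-cased path) for each O-line naming a file."""
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        path = PATH_RE.search(line.group(2))
        if path:
            # Windows paths are case-insensitive, so normalise before grouping.
            yield line.group(1), path.group(1).lower()


def multi_load_point_files(log_text):
    """Return {path: [section codes]} for files listed in more than one section."""
    seen = defaultdict(set)
    for code, path in parse_entries(log_text):
        seen[path].add(code)
    return {p: sorted(c, key=lambda s: int(s[1:]))
            for p, c in seen.items() if len(c) > 1}


if __name__ == "__main__":
    for path, codes in multi_load_point_files(SAMPLE_LOG).items():
        labels = ", ".join(f"{c} ({SECTIONS.get(c, 'other')})" for c in codes)
        print(f"{path}: {labels}")
```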