February 21, 2010

How to remove Trojan Infostealer.Saluni?

Trojan Infostealer.Saluni gathers account names and passwords from applications such as Trillian, Yahoo, Internet Explorer, MSN, NO-IP, PayPal, Steam, IMVU, Pidgin, FlashFXP, Google, Firefox, DynDNS and others. It stores the gathered information in the files keylog.dat and Pass.dat in temporary directories.

Affected operating systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP.

The trojan displays this error:
Error
Run-time error '429'

It also creates this file "C:\Windows\system32\kernel.exe" after execution.

The stored information is then uploaded to a remote site or sent to the hacker over FTP or email.


How to remove Trojan Infostealer.Saluni?

1. Perform the standard procedure for virus removal.
** Standard procedure for Virus removal

2. Remove the following entry from the Windows registry:

** How to edit the Windows registry?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"default" = "%System%\kernel.exe"

Follow these steps only if an updated anti-virus (e.g. Norton, Symantec) failed to remove the threat completely.

Remove these files if they exist on your computer:
%System%\kernel.exe

and

In Windows Vista & 7
C:\Users\\AppData\Local\Temp\keylog.dat
C:\Users\\AppData\Local\Temp\Pass.dat
In Windows XP
C:\Documents and settings\\AppData\Local\Temp\keylog.dat
C:\Documents and settings\\AppData\Local\Temp\Pass.dat
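
The registry entry and files listed above can be checked for without changing anything, as in this added PowerShell example (not part of the original post). It assumes %System% means the Windows system folder, also tries the Local Settings\Temp folder used by Windows XP profiles, and reads only the current user's Run key.

```powershell
# Added example: read-only check for the Infostealer.Saluni artifacts named on this page.
# Assumption: %System% is the Windows system folder (for example C:\Windows\System32).
$systemDir = [Environment]::SystemDirectory
$findings  = New-Object 'System.Collections.Generic.List[string]'

# 1. Executable the trojan creates after execution
$dropped = Join-Path $systemDir 'kernel.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $findings.Add("File present: $dropped")
}

# 2. Autostart value in the current user's Run key (other users' hives are not read)
$runKeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runKey = Get-Item -LiteralPath $runKeyPath -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        # Flag any value whose data launches kernel.exe, whatever the value is called
        if ($data -match '\\kernel\.exe') {
            $findings.Add("Run value '$name' = $data")
        }
    }
}

# 3. Credential dump files in temporary directories
# Assumption: profiles live beside the current one (C:\Users or C:\Documents and Settings).
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
$tempDirs = @($env:TEMP)
$tempDirs += Get-ChildItem -LiteralPath $profileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        Join-Path $_.FullName 'AppData\Local\Temp'     # Windows Vista and 7
        Join-Path $_.FullName 'Local Settings\Temp'    # Windows XP default (assumption)
    }
foreach ($dir in ($tempDirs | Select-Object -Unique)) {
    foreach ($leaf in 'keylog.dat', 'Pass.dat') {
        $candidate = Join-Path $dir $leaf
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $findings.Add("File present: $candidate")
        }
    }
}

# Report only; nothing is deleted or modified
if ($findings.Count -eq 0) {
    'None of the Infostealer.Saluni artifacts listed on this page were found.'
} else {
    $findings
}
```

Run it from an elevated prompt so that other users' profile folders are readable; a clean result for the registry check covers only the account running the script.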
