Re: help needed with trojan threat

Discussion in 'NZ Computing' started by Ted, Mar 11, 2010.

  1. Ted

    Ted Guest

    On Mar 11, 2:56 pm, wrote:
    > I use ZoneAlarm firewall and ESET NOD32 antivirus.
    > I  downloaded an exe file and a keygen from a filesharing site the
    > other day. (Yes - I know I am a naughty boy - my version of Flash MX
    > which I fiddle about with as a hobby is getting old now and does not
    > meet the requirements of recent tutorials I find on the web)
    >  I ran a patch.exe by accident but checking it with NOD32 it gets a
    > clean bill of health.
    > Another exe  installer file I ran through the NOD32 and because it
    > showed up a number of trojan warnings did not run it. It is now
    > quarantined.
    > However  my NOD 32 now warns me whenever I start up the computer that
    > it is blocking
    > I have run a search on this and it is a netherlands site.
    > The search also took me to
    > which details a threat as follows:
    > Module Name
    >         dpnhupnp32.dll
    > Module Filename
    >          %System%\dpnhupnp32.dll
    > Address Space Details
    >         Process name: explorer.exe
    >         Process filename: %Windir%\explorer.exe
    >         Address space: 0x1E90000 - 0x1EB39DB
    > There were registered attempts to establish connection with      
    > The page lists a number of registry keys that the threat creates.
    > Some do not appear at all in my registry but the following do
    > HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fsharproj
    > HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fsharproj\PersistentHandler
    > HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
    > HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
    > The page lists a newly   created Registry Value  as:
    > [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fsharproj\PersistentHandler]
    > (Default) = "{f7227766-6ea9-4a5d-acc4-d667c29824ab}"
    > The value in my registry does not match this.
    > The page does not give a newly created value for
    > HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
    > A search on my computer did not find dpnhupnp32.dll
    > I have run a complete antivirus scan and the HD should now be clean
    > but surely something must have been missed for the computer still to
    > be trying to access
    > I would be grateful if someone could explain why my computer is trying
    > to access and how I can stop it doing so.
    > I tried using System Restore to reset the registry to what it was a
    > week earlier but got the message that no changes had been made to the
    > registry in that time.
    > TIA
    > Reg

    I see from another ThreatExpert page(
    dpnhupnp32.dll.html) this:

    The file "dpnhupnp32.dll" is known to be created under the following

    Check for those other filenames.
    Ted, Mar 11, 2010
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Fitzy_bhoy

    Trojan Horse...Help needed

    Fitzy_bhoy, Aug 27, 2003, in forum: Computer Support
    Ralph Wade Phillips
    Aug 28, 2003
  2. gorf

    trojan virus help needed

    gorf, Jan 19, 2004, in forum: Computer Support
    Jan 19, 2004
  3. Joel Rubin
  4. D@Z
    Liza Smorgaborgsson
    Jan 30, 2006
  5. jamesa01
    Feb 27, 2006