Infostealer.Lanaur

Infostealer.Lanaur is a Trojan that installs itself as a Browser Helper Object (BHO) on infected computers. When executed, it steals information and monitors Internet activity such as web browsing and email. The gathered data is sent to a predefined email address.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Infostealer.Lanaur:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7). [how to]
2. Update the virus definitions.
3. Restart Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/Modify any values added to the registry. [how to edit registry]
6. Exit registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, such as the one found here or those offered on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Modifies the Windows Registry
- Downloads additional malware
- Connects to a remote location

Malicious Files Added by Infostealer.Lanaur:
%CurrentFolder%\md_[NUMBER].dll

Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"*.bradesco.com.br" = "[BINARY VALUE]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Play_Background_Sounds" = "no"
HKEY_CURRENT_USER\Software\Alx\Config\"VRS" = "[VERSION NUMBER]"
HKEY_CURRENT_USER\Software\Alx\Config\"INSTALADO" = "S"
HKEY_CLASSES_ROOT\[TROJAN FILE NAME].MsShutt_[VERSION NUMBER]\Clsid\"Default" = "{0DBB4430-2805-4FF2-AC7D-43985BC678B8}"
HKEY_CLASSES_ROOT\[TROJAN FILE NAME].MsShutt_[VERSION NUMBER]\"Default" = "Alx2000"
HKEY_CLASSES_ROOT\CLSID\{0DBB4430-2805-4FF2-AC7D-43985BC678B8}\ProgID\"Default" = "[TROJAN FILE NAME].MsShutt_[VERSION NUMBER]"
HKEY_CLASSES_ROOT\CLSID\{0DBB4430-2805-4FF2-AC7D-43985BC678B8}\InprocServer32\"Default" = "%CurrentFolder%\[TROJAN FILE NAME].dll"
HKEY_CLASSES_ROOT\CLSID\{0DBB4430-2805-4FF2-AC7D-43985BC678B8}\InprocServer32\"ThreadingModel" = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{0DBB4430-2805-4FF2-AC7D-43985BC678B8}\"Default" = "Alx2000"
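The following PowerShell script is an added example, not part of the original advisory or any vendor tool. It is a read-only triage check that looks for the registry indicators listed above (the Alx\Config values, the Internet Explorer "New Windows\Allow" entry and the CLSID {0DBB4430-2805-4FF2-AC7D-43985BC678B8} registration), and hashes the DLL that the InprocServer32 key points to so the sample can be submitted to a vendor. The check of the standard Browser Helper Objects registration key under HKLM is an assumption based on how BHOs are normally registered; the advisory does not list that key. The script modifies nothing; removal still follows the manual steps above (Safe Mode, full scan, then the registry edits).

```powershell
# Added example (not from the advisory): read-only check for the
# Infostealer.Lanaur registry indicators listed above. Run in an elevated
# PowerShell session. Nothing is deleted or changed.

$Clsid = '{0DBB4430-2805-4FF2-AC7D-43985BC678B8}'   # CLSID from the advisory

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # The Registry:: prefix reaches HKEY_CLASSES_ROOT, which has no default
    # PSDrive. -LiteralPath avoids wildcard expansion of odd characters.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $key = Get-Item -LiteralPath $Path
    # An empty name reads the key's (Default) value, as written in the list.
    return $key.GetValue($Name)
}

# Indicators taken from the advisory's registry list.
$Indicators = @(
    @{ Path = 'HKCU:\Software\Alx\Config'; Name = 'VRS' }
    @{ Path = 'HKCU:\Software\Alx\Config'; Name = 'INSTALADO' }
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\New Windows\Allow'; Name = '*.bradesco.com.br' }
    @{ Path = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"; Name = '' }
    @{ Path = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\ProgID"; Name = '' }
    @{ Path = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"; Name = '' }
    # Assumption: BHOs are normally registered under this key. The advisory
    # does not list it, so treat a hit here as supporting evidence only.
    @{ Path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"; Name = '' }
)

$Results = foreach ($i in $Indicators) {
    $value = Get-RegValueOrNull -Path $i.Path -Name $i.Name
    $displayName = if ($i.Name -eq '') { '(Default)' } else { $i.Name }
    [pscustomobject]@{
        Path    = $i.Path
        Name    = $displayName
        Present = ($null -ne $value)
        Value   = $value
    }
}
$Results | Format-Table -AutoSize

# If the COM server path resolves to a file, hash it. The advisory gives the
# DLL location only as %CurrentFolder%\[TROJAN FILE NAME].dll, so the
# registry value is the reliable way to find the actual file.
$dllPath = Get-RegValueOrNull -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32" -Name ''
if ($dllPath -and (Test-Path -LiteralPath $dllPath)) {
    Get-FileHash -LiteralPath $dllPath -Algorithm SHA256
}

$hitCount = @($Results | Where-Object { $_.Present }).Count
if ($hitCount -eq 0) {
    'No Infostealer.Lanaur registry indicators found.'
} else {
    "$hitCount indicator(s) present; follow the manual removal steps above."
}
```

Run it before and again after the manual removal: a clean second run (no indicators present, no DLL path resolving) confirms that the CLSID registration and the Alx\Config values are gone.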
