Infostealer.Sarhus
This page contains description as well as removal guide for Infostealer.Sarhus. To remove this Trojan, carefully follow the guide below.
Infostealer.Sarhus is a deadly computer Trojan. It will connect to a remote server to download and upload files. Infostealer.Sarhus can also gather sensitive information from an infected computer. It will save your critical information as a log text file and send it to a remote attacker on scheduled basis.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
Once Infostealer.Sarhus is executed, it will create several malicious files under Windows System folder. To load the harmful code each time you start Windows, the Trojan will make some changes on the registry and include it in the start-up list.
When the Trojan is running on the PC, it may connect to an assigned server and download more threat to perform the following tasks:
- Steal sensitive information including online accounts like user name and passwords.
- Occasionally update its configuration and settings.
- Upload a file to a remote server.
Distribution
Infostealer.Sarhus spreads through a number of means ordinarily employs by other similar threats. There is also an observation that some malicious links will direct victims to Trojan download page. These links may reach target user via spam email messages, instant messaging programs and infected web sites containing malicious links that tackle most recent issues and events.
Computer Security Recommendations:
- Install antivirus and firewall program. A combination of these two may prevent virus and hacking attack.
- Use complex passwords on every aspect that requires it. Hard to crack passowords containing alpha-numeric characters and not less than eight characters long will help prevent further damage on infected computer.
- Disable Autoplay of USB drives to avoid automatic launching of virus that is run via Autorun.Inf file. See how to do it.
Internet Precautions:
- Configure email clients to block incoming emails that contains attached files with .vbs, .bat, .exe, .pif and .scr extensions.
- Be wise in opening e-mail attachments. Spam messages that pretend to be from a known source may contain infected attached files.
- Never click on a suspicious link sent through instant messaging programs.
How to Remove Infostealer.Sarhus
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of Infostealer.Sarhus, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will boot Windows loading only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Additional virus removal tool provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.
5. Go to NPE web page and download the tool.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Exclude Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.
10. Now click on Fix to start removing the threats including Infostealer.Sarhus remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.