This post is all about Infostealer.Ldpinch.H. It includes description and removal guide to get rid of the Trojan instantly from your computer.

Infostealer.Ldpinch.H is a Trojan that can steal File Transfer Protocol (FTP) account details from victim and sends the gathered data to a remote computer. Author of this Trojan intend to use stolen credentials for succeeding attack. This threat can also make changes to system settings and add an entry to Windows registry.

Alias: Trojan.Win32.Pakes, Trj/Pakes.EB, Trojan.Pakes!ct, Trojan:Win32/Chksyn.gen!A, Trojan.Win32.Pakes.jwi, W32/Trojan2.DJAO, Trojan.PWS.Lich.A, Win32/PSW.Chill, Win-Trojan/Pakes.33056, TROJ_PAKES.ATE, W32/Smalltroj.FPFH, TROJ_BUZUS.MM

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

When run on the computer, this Trojan will create a .DAT file under System folder of Windows. It will also replace a legitimate userinit.exe file with a malicious copy that will able to execute itself when Windows starts. Then, it will create a bunch of registry entries that are essential to initiate its actions inside the infected PC.

Infostealer.Ldpinch.H will search the infected unit for saved File Transfer Protocol (FTP) accounts. It is capable of gathering user name and password even on encrypted data. The Trojan will send stolen credentials to an assigned web address.

This Trojan carries a payload that may be useful for author’s next planned attack. It modifies certain configuration launch the Trojan whenever the affected program is opened.

Infostealer.Ldpinch.H is a Trojan that has no capability to spread own code to other neighboring systems. Innocent user may download this type of infection from the Internet, typically on infected web site. Moreover, authors can attach a copy of this Trojan on spam email messages that will use victim’s computer to mass-mail a copy of it.

How to Remove Infostealer.Ldpinch.H

1. Temporarily Disable System Restore (Windows Me/XP).
2. To be able to identify even the most recent variant of Infostealer.Ldpinch.H, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Scan with Norton Power Eraser:

Additional virus removal tool like Norton Power Eraser provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.

5. Go to this link and download Norton Power Eraser.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Exclude Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.

Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.

10. Now click on Fix to start removing the threats including Infostealer.Ldpinch.H remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.

Alternative Removal Method for Infostealer.Ldpinch.H

Option 1 : Use Windows System Restore to return Windows to previous state

If Infostealer.Ldpinch.H enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Infostealer.Ldpinch.H infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : Infostealer.Ldpinch.H manual uninstall guide

IMPORTANT! Manual removal of Infostealer.Ldpinch.H requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Infostealer.Ldpinch.H.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Infostealer.Ldpinch.H files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Infostealer.Ldpinch.H.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Associated Files and Folders:Added Registry Entries:

1 Response

  1. outwar6010 says:

    I’ve deleted the first one but cant locate these:

Leave a Reply

Your email address will not be published. Required fields are marked *