Removal solution for Trojan.Sasfis

[Daniel23]

Hi friends, Recently I have a purchased anew Samsung laptop and it is installed with Windows 7. But Trojan.Sasfis are infected my system and made my laptop very slow. It takes a long time to boot up and shut down. And I have tried to many anti virus on this malware but that none of the anti virus application can not able to remove this virus. Can any one will provide good removal solution?

[Steve123]

During Trojan.Sasfis Trojan is had run then it generate the given file:

• %Temp%\1.tmp

Trojan.Sasfis worm makes changes the given registry entry:

• HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\"AccessVBOM" = "1"

[Shen]

Trojan.Sasfis then opens Microsoft Word, if it is installed, and executes a VBA script which installs %Temp%\1.tmp and executes it.

Trojan.Sasfis Trojan then opens an examples of svchost.exe and push itself into the service.

Trojan.Sasfis Trojan then make copies its own as the given DLL file:

• %System%\[RANDOMLY NAMED FILE]

[Zachary]

The Trojan then removes the original executable.

The Trojan makes changes the given registry entry, so which it begins when Windows boots:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = " Explorer.exe rundll32.exe %System%\[RANDOMLY NAMED FILE] [5 OR 6 RANDOM CHARACTERS]"

[Milton.J]

Try to restore the given registry entries to their previous values:

• HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\"AccessVBOM " = "1"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = " Explorer.exe rundll32.exe %System%\[RANDOMLY NAMED FILE] [5 OR 6 RANDOM CHARACTERS]"

[neophyte2010]

Hello,

As my name says, I am a neophyte and need some help with this Trojan.Sasfis I have on my computer.

I have Norton, and it gave me some instructions:

1. Disable System Restore
2. Update the virus definitions
3. Run a full system scan
4. Delete any values added to the registry

I have done steps 1-3 and am stuck on #4. I tried to "delete the following registry subkey":

HKEY_CLASSES_ROOT\idid

I tried to delete the HKEY_CLASSES_ROOT, but it wouldn't let me as the function cannot be highlighted. I also tried to looked for an "\idid", but cannot find it. Where should I be looking?

I also have no idea how to restore:

HKEY_CURRENT_USER\Software\Microsoft\Office... what the last poster posted. (This is supposed to be my next step according to the instructions)


Can anyone please help me out?

[virusguru]

In such that case i would suggest you to install AVG anti virus and i am sure this will remove all the Trojan form your system and at the same time it will also protect your system from malware, worms, root kit, backdoor etc.