Removal solution for PWSteal.Marlap.C

DeMario · #1 03-03-2010

Hi friends, I am using samsung laptop which is loaded with Windows Vista operating system. And my anti virus software program are displaying that your system are infected with PWSteal.Marlap.C virus. And I tried to remove this virus from my anti virus program but it is unable to delete this virus. And this virus made my machine tremendously slow. I want some good removal solution for this virus. Can any will tell me that how to remove this virus, please?

Steve123 · #2 03-03-2010

PWSteal.Marlap.C generates the given file:

C:\Windows\PictureViewer.exe

And then run EJN[RANDOM NUMBER].tmp.

Now this virus insert the value:

"PictureViewer" = "C:\Windows\PictureViewer.exe"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Shen · #3 03-03-2010

This virus asks the user to out the given data if an AOL client is installed:

Name
Account Number
Account Type
Address
ZIP
Phone number
PIN number
Birthday
Mother?123,456s Maiden Name
Social Security Number
Credit Card Number and its expiration date
Debit Card Number and its expiration date

Big Fish · #4 03-03-2010

This virus sends the collected information to the gen below Web site:

"http://]imform.coolinc.info/[REMOVED"

This virus also tries to remove %System%\taskmgr.exe.

Note:
%System% is a variable that refers to the System folder. By default this is C:\Windows\System

Zachary · #5 03-03-2010

There are some recommendation for PWSteal.Marlap.C:

Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.

Spyrus · #6 03-03-2010

Search and delete to the subkey:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Remove the value in the right panel:

"PictureViewer" = "C:\Windows\PictureViewer.exe"

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads for: "Removal solution for PWSteal.Marlap.C"
Thread	Thread Starter	Forum	Replies	Last Post
Need removal solution for TROJ_DROPPER.EAA	DeMario	Networking & Security	5	10-03-2010 01:31 PM
Removal solution for WORM_SOHANAD.JH	Enriquee	Networking & Security	4	09-03-2010 12:35 PM
Removal solution for WORM_WALEDAC.NYS	Elieis	Networking & Security	4	08-03-2010 02:43 PM
Removal solution for TSPY_GIMMIV.A	Enriqueta	Networking & Security	4	17-02-2010 05:45 AM
Removal solution for TSPY_YALUDLE.M	Cruzz	Networking & Security	4	12-02-2010 03:48 AM

Removal solution for PWSteal.Marlap.C

Networking & Security