Lsas.Blaster.Keyloger virus
it is fake Windows Alert which is secretly installed by trojan. It is a part of rogue application. A rogue software application designed to trick users into buying a fake product by using scare tactics. It will bombard you with pop ups in order to try and scam you out of money. This infection can come into after fake video codec installation that usually comes with malware.
Aliases : Lsas.Blaster.Keylogger

Infection Type : Trojan Horse
Risk Level: High Risk
System Affected : Windows Operating Systems
General Symptoms

Displays fake warning messages and “System Security Firewall Alert ” popups alerts.
Flashing icons appear on your system tray (Near of your system clock).
Hijacked homepage to OBSCURE webpage.
Internet Explorer is infected with worm Lsas.Blaster.Keyloger. This worm is trying to send your credit card details using Internet Explorer to connect to remote host.

Infected IE by Trojan lsas.Blaster.Keylogger

Manual Removal of Lsas.Blaster.Keyloger:

Block Lsas.Blaster.Keylogger sites:

http://www.virusdoctor-online.com

Stop Lsas.Blaster.Keylogger processes:
c:\Documents and Settings\All Users\Application Data\927e\unins000.exe
c:\Documents and Settings\All Users\Application Data\927e\VDoca582.exe

Delete and disable Lsas.Blaster.Keylogger DLLs:
c:\Documents and Settings\All Users\Application Data\927e\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\927e\sqlite3.dll

Delete the following Lsas.Blaster.Keylogger files:
c:\Documents and Settings\All Users\Application Data\927e
c:\Documents and Settings\All Users\Application Data\927e\unins000.dat
c:\Documents and Settings\All Users\Application Data\927e\Languages
c:\Documents and Settings\All Users\Application Data\System Data Configuration\config.cfg
c:\Documents and Settings\All Users\Application Data\System Data Configuration\DB.ini
c:\Documents and Settings\All Users\Application Data\System Data Configuration\fsvd6398.db
%UserProfile%\Application Data\Virus Doctor
%UserProfile%\Application Data\Virus Doctor\settings.ini
%UserProfile%\Application Data\Virus Doctor\uill.ini
%UserProfile%\Desktop\Virus Doctor.lnk
%UserProfile%\Start Menu\Virus Doctor.lnk
%UserProfile%\Start Menu\Programs\Virus Doctor.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus Doctor.lnk
c:\Documents and Settings\All Users\Application Data\927e\Languages\VDDe.lng
c:\Documents and Settings\All Users\Application Data\927e\Languages\VDFr.lng
c:\Documents and Settings\All Users\Application Data\927e\Languages\VDIt.lng
c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration
c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration\DBInfo.ver
c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration\vd952342.bd
c:\Documents and Settings\All Users\Application Data\System Data Configuration

Delete Lsas.Blaster.Keylogger registry keys:
%UserProfile%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Doctor”
%UserProfile%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Doctor_is1
%UserProfile%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “URVDoc[]”

Delete Lsas.Blaster.Keylogger folders:
%UserProfile%\Application Data\Virus Doctor\ Note

For auto removal of Lsas.Blaster.Key logger:

<a href=”/download-super-anti-spyware/”>Download Super AntiSpyware FREE</a>

Tags: trojan lsas.blaster.keylogger removal guide

This entry was posted on April 8, 2012 at 7:16 pm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Posted in 3: Security (Computer & Internet) by darfuns No Comments Yet