How to remove the USS.exe Trojan

THe USS.exe Trojan is an executable that gets installed on your computer along with other malware.  This infection will also install a service called wasfsd that uses the filename C:\Windows\System32\drivers\System32. When running, this Trojan will display fake alerts that state your computer is being attacked or is infected with particular infections.  It will then ask if you would like to block or fix these infections, and if you specify yes, will open up an Internet Explorer window where it prompts you to buy Trusted Antivirus.

alert2 alert
Fake alerts from USS.exe

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to remove USS.exe Trojan from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware.

DownloadDownload Spyware Doctor to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

USS.exe


Delete these files:
Lean how to remove files

c:\END
c:\Program Files\USS
c:\Program Files\USS\unins000.dat
c:\Program Files\USS\unins000.exe
c:\Program Files\USS\USS.exe
c:\Program Files\USS\#agents
c:\Program Files\USS\#agents\53
c:\Program Files\USS\#agents\53\#startup
c:\Program Files\USS\#monitors
c:\Program Files\USS\#monitors\DirMonitor
c:\Program Files\USS\#monitors\FileMonitor
c:\Program Files\USS\#monitors\RegMonitor
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.dll
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.xml
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\kernel.dll
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.dat
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.exe
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.xml
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.xml
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcp71.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcr71.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.dat
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.exe
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\GSCRPlugin.dll
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.dat
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.exe
c:\WINDOWS\system32\drivers\wasfsd.sys

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\USLst
HKEY_CURRENT_USER\Software\USS
HKEY_CLASSES_ROOT\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
HKEY_CLASSES_ROOT\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
HKEY_CLASSES_ROOT\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42622}
HKEY_CLASSES_ROOT\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
HKEY_CLASSES_ROOT\wasfsd.CreationNotifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_{D1957FF4-EA22-4b4a-81A1-C62068479DED}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_{EC572088-91C7-4293-93F9-93D40B0E0B36}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_is1
HKEY_LOCAL_MACHINE\SOFTWARE\USS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wasfsd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wasfsd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => USS

del.icio.us:How to remove the USS.exe Trojan  digg:How to remove the USS.exe Trojan  spurl:How to remove the USS.exe Trojan  wists:How to remove the USS.exe Trojan  simpy:How to remove the USS.exe Trojan  newsvine:How to remove the USS.exe Trojan  blinklist:How to remove the USS.exe Trojan  furl:How to remove the USS.exe Trojan  reddit:How to remove the USS.exe Trojan  fark:How to remove the USS.exe Trojan  blogmarks:How to remove the USS.exe Trojan  Y!:How to remove the USS.exe Trojan  smarking:How to remove the USS.exe Trojan  magnolia:How to remove the USS.exe Trojan  segnalo:How to remove the USS.exe Trojan  gifttagging:How to remove the USS.exe Trojan

This entry was posted on Thursday, July 17th, 2008 at 3:28 pm and is filed under Malware Removal Guide, Rogue Anti-Spyware, Trojan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply