Caisp.dll

[Tottez]

Hi there.

Have been searching a long time now to find a way to get rid of this trojan.
Hopefully you can help me.

It is called Caisp.dll and is located in my Temp folder.

Been trying diffrent antivirus programs etc.

[PaPi]

Quote:

Originally Posted by Tottez

Hi there.

Have been searching a long time now to find a way to get rid of this trojan.
Hopefully you can help me.

It is called Caisp.dll and is located in my Temp folder.

Been trying diffrent antivirus programs etc.

OK, here's how you get rid of it:

1. Make sure you have a current antivirus. If you don't have one, AVAST home edition will do (it's free, you can get it at www.avast.com) Make sure the virus definitions are up-to-date before you start the removal.
2. Delete CAISP.DLL file.
3. Restart your computer to safe mode and run a scan of your PC.
4. Your antivirus should be able to detect any leftovers of the malicious code and eliminate them.
5. Restart windows in normal mode.

[Tottez]

Thanks! i'll try and reply my success or bitter failure.

[Tottez]

Thank you!

I needed 4 annoying days to get this simple information!

[TheHobbit]

For any trojans or rootkits that embed themselves on your system/OS/files of harddrive(s) try the following it is an excellent program. Read everything on the screen when using and you'll be fine :

Program : UnhackMe

Link : http://www.greatis.com/unhackme/buy.htm

Download the version and is fully functional in demo mode.

Best antivirus is EsetNod - most are effective in OS live but demo mode will sort out other trashy spyware/malware etc but unhackme is genius and saved me a few times

Hope this helps.

On solution from Google :

Quote:

So at first, excuse my poor english, it's not my mother tongue.

Yesterday, a friend of mine called me because of a sudden #132 error, failed to read data. Although I've quitted half a year ago, he knew that I already stumbled across this error and knew how to fix it. We cleaned all the necessary things like Cache, WTF and Interface.
He still got the error when opening the chat, when interacting with the mail and the LFG-tool. The only possibility left, was to reinstall (checking RAM etc. is dumb when everything else works perfectly). He did but still encountered this error.
In the german technic-forum, others were complaining about the same exact error at the same circumstances. Many others couldn't prevent the error from happening by reinstalling, etc.

Somebody found out, that there was a new entry in the MSCONFIG of windows, named 'office'. It's producer isn't shown. Deactivating this service and removing a 'caisp.dll' in the temp folder should fix this. I've done this for him know and he is in safety now.
The interesting part of this is, that this virus is atm only recognized by very few firewalls (see http://www.virustotal.com/de/analisi...2a8-1268575763 ). It seems to be spread VERY randomly, not by visiting some sites of which you expect downloading malware, but even by youtube (I cleaned his pc via Teamviewer, the .dll was created yesterday at 2:17 p.m., the moment he was on youtube listening to madrugada - majesty, which should be clean with over 160k views). Sadly, I don't own any programming tool so I was only able to read very few lines in the .dll (opened with TextEdit on mac ) and it's a multi-game thief as it seems, because it also contains links for AION, CS and Warhammer Online viruses.

Now to the removing part:
1. msconfig -> system start -> bottom line: office - producer unknown -> deactivate (in some cases like him, this entry doesn't exist, nevertheless, carry on!)
2. search for 'caisp.dll' in your whole pc, his was in a random Temp folder (you need to activate being able to see system files and hidden files!)
3. if you can, simply delete it, there is surprisingly no save copy stored somewhere in sys32. if not, download Unlocker, it will delete it on the next startup.
4. change your password, some people on the forum already reported being hacked!


For the evidence of the existance of this virus, here a screenshot of the bottom line, showing some details of the virus:
http://img11.imageshack.us/img11/877...o20100314u.jpg
As you can see in the third line, there's also a password cracker included (or at least, that's what I assume as almost noob regarding .dlls)

Please DO NOT open the link shown in the picture, the risk of being infected is too high (even though there's no automatic download on mac).

Thanks for reading.

[Tottez]

Thanks you!

I needed 4 days to get this information!