How do I remove PSW.Briss.H

  Toolman 02:09 04 Jul 04
Locked

Somehow I have PSW.Briss.H on my computer. It is an internet tracker and keylogger. I have tried several recommended ways of getting rid of it, none work. Several downloads of apps to get rid of Trojans, none work. AVG can't get rid of it but says it resides in C:\Windows\DownLoadedProgramFiles\JAO.DLL and sometimes C:\Windows\DownLoadedProgramFiles\Conflict.1\jao.dll. When I look for jao.dll it isn't in C:\ etc? I have enabled viewing of hidden files.
Previous versions had files in several places, registry and dll which re-installed it at every switch-on. By the way, how do I view the DLL?
Any help will be much appreciated.
Toolman.

  jonnytub 02:55 04 Jul 04

Can't help much, but the reason the last one kept coming back is that System Restore would need to be temporarily switched off.

  Toolman 10:12 04 Jul 04

Thanks jonnytub but I've done that as well. You lose all the restore points as well and when I turned it back on, some files were corrupted on just one of the profiles, luckily it wasn't mine as it was then unusable and a new one was automatically created. I still have this worm though. Can anyone tell me how to view and edit the DLL? I have tried the PCA utility on the disk called DLL Show, it doesn't show it!
Toolman, (Desperate!!!)

  rawprawn 10:46 04 Jul 04

You could try to edit it out of the registry, but be careful and back up the registry before you start in case of any mistakes. Go to Start/Run/Type regedit/Enter/Make sure My Computer is highlighted then click Edit/Find and type the name jao.dll in the box/click Find Next. Delete anything it finds but don't touch anything else/click Find Next and do the same. Keep doing this until it finds no more. To back up the registry click File/Export, and choose where you want it to go/Save. You can restore the registry by double clicking this file. I would only use this method as a last resort as it doesn't always completely solve the problem, if there are bits it is using you don't know about. But it is better than formatting the HD. Good luck
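
Added example (not part of the thread): the File/Export backup described in the post above is also a file that can be searched read-only before anything is deleted. The Python below lists every key, value name and value data in such an export that mentions jao.dll, including string data stored as UTF-16 hex, which a plain text search of the file would miss; the sample export, its GUID and the `Example\Loader` key are constructed.

```python
import re

# Constructed sample of a regedit export; the GUID, keys and data are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\WINDOWS\\Downloaded Program Files\\JAO.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINDOWS\\Downloaded Program Files\\jao.dll"=dword:00000001
"C:\\WINDOWS\\system32\\example.dll"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Loader]
"Path"=hex(2):6a,00,61,00,6f,00,2e,00,\
  64,00,6c,00,6c,00,00,00
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def decode_data(raw):
    """Turn an exported value name or value data into searchable text."""
    m = re.match(r'hex\([27]\):(.*)', raw)
    if m:  # REG_EXPAND_SZ / REG_MULTI_SZ are exported as UTF-16LE hex bytes
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    if raw.startswith('"'):  # quoted string: drop quotes, undo \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw  # dword:, hex: and other types are left as exported

def find_references(reg_text, needle):
    """Return (key, value_name, data) for each entry mentioning needle, any case."""
    needle = needle.lower()
    text = re.sub(r',\\\r?\n[ \t]*', ',', reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if needle in key.lower():
                hits.append((key, None, None))  # the key name itself matches
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header line, blank line or anything outside a key
        name = '(Default)' if m.group(1) == '@' else decode_data(m.group(1))
        data = decode_data(m.group(2))
        if needle in name.lower() or needle in data.lower():
            hits.append((key, name, data))
    return hits
```

For a real export, read the file with `open(path, encoding='utf-16')` and pass its contents to `find_references`, since regedit writes version 5.00 exports as UTF-16.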

  rawprawn 10:53 04 Jul 04

click here Look at this first and note the reply by Funnybones.

  Toolman 16:54 05 Jul 04

Tried editing the registry. Deleted the entries that referred to the trojan. Re-booted, ran AVG and the PSW.Briss.H was found yet again. Spy-Bot, Ad Aware and Webroot Spy Sweeper have never detected it! A second search of the registry fails to turn anything up but AVG insists it is there!!! Reformatting is not really an option, at least not yet. With 4 people using this computer, saving essential files would be a nightmare and how do I know I won't re-introduce the trojan?
Has anyone got any new ideas??? Pleeeeeeze.
Toolman.

  SANTOS7 17:54 05 Jul 04

click here this should help, good luck

  VoG II 18:08 05 Jul 04

a² free click here

  SANTOS7 18:14 05 Jul 04

Have to say VoG, I've used that a² since you first posted it, what a good piece of kit, ta muchly

  Toolman 07:21 06 Jul 04

Well, I downloaded A2 and let it run (overnight) and there were 4 notices on the screen in the morning, 2 informing me PSW.Briss.H was on my computer and to run AVG, and two telling me A2 could not find any malware on it!
The Trojan is meant to reside in 2 files:
C:\Windows\DownLoadedProgramFiles\Conflict.1\jao.dll
and C:\Windows\DownLoadedProgramFiles\jao.dll
C:\downloadedprogramfiles only contains:-
{00000075-9980-0010-8000-00AA00389B71} 4kb
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} 4kb
{EF99BD32-C1FB-11D2-892F-0090271D4F88} 212kb
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ActiveX can installer class?
{A7EA8AD2-287F-11D3-B120-006008C39542} ActiveX CBSIEPrint Class
{4F5E4276-C120-11D6-A1FD-00508B9D48EA} dldisplay class
{AE9DCB17-F804-11D2-A44A-0020182C1446} IntraLaunch.MainControl
{8AD9C840-044E-11D1-B3E9-00805F499D93} Java Runtime Environment 1.4.2
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Java Runtime Environment 1.4.2
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Runtime Environment 1.4.2
{C606BA60-AB76-48B6-96A7-2C4D5C386F70} Pre Qualifier Class
{EB387D2F-E27B-4D36-979E-847D1036C65D} QDiagHUpdateObj Class
{166B1BCA-3F9C-11CF-8075-444553540000} Shockwave Active X Control
{D27CDB6E-AE6D-11CF-96B8-444553540000} Shockwave Flash Object
{9F1C11AA-197B-4942-BA54-47A8489BB47F} Update Class
These are all that is listed in this file. I am guessing the trojan is elsewhere and AVG is giving a false response or the Trojan has disguised itself as one of these files.
Oh, I tried doing the free Panda scan, I couldn't, every time it downloaded the installer to do the scan, there was an error on the page. So no luck there.
Has anyone got any other ideas please?
Toolman.

  georgemac 07:46 06 Jul 04

Found this in a forum from a Google search click here

Ok, reboot your system and bring it up in "Safe Mode" (F5 or F8 when starting Windows). At this point make sure Windows is configured to see hidden files and folders. Here's a link on how to do this if needed:

click here

While in "Safe Mode", find this file and delete it from your system:

C:\WINNT\Downloaded Program Files\JAO.DLL

When finished, reboot your system again and bring it back up in normal mode. Run a full scan with AVG and let me know if it still detects the virus.

This thread is now locked and can not be replied to.