How to Remove Infostealer.Nasdosto completely

Posted in Blog, Trojan on January 24th, 2013

Infostealer.Nasdosto is a malicious Trojan, like Infostealer.Dexter, designed to steal information from the infected computer. Hackers want two kinds of data. One is your system information, which they can use to exploit system vulnerabilities and download more threats to the computer. The other is the user's interests, such as what you search for on the internet. With that information, Infostealer.Nasdosto can display related advertisements to make money from you. Moreover, hackers may access your personal accounts or expose your information to third parties for money. Web browser redirection and annoying pop-ups are the common symptoms of the infection. While stealing data, the Trojan also damages the computer: for example, it creates malicious registry entries and blocks some programs so that it can run at Windows startup. When you notice the infection, you should remove it immediately. There are two ways to remove Infostealer.Nasdosto, and you can choose whichever suits you.

Technical details
The detailed information about the Trojan can help users with advanced skills remove the infection. However, manual removal is very risky if you remove the wrong files or registry entries.

1. When executed, Infostealer.Nasdosto drops the following files on the computer. You need to kill the related processes and then delete the files:

%System%\ns2dos.exe
%System%\ns2dos
%System%\ns6dos.exe
%System%\ns6dos
%System%\ns7dos.exe
%System%\ns7dos
%System%\nsdos2.exe
%System%\nsdos2

2. Infostealer.Nasdosto creates the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"nsdos-debugg" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"msdos-debug" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"msdos-debug2" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[RANDOM CLSID]\"StubPath" = "[HEXADECIMAL CHARACTERS]"
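
Before deleting anything by hand, it helps to confirm which of the listed files and registry values are actually present. The PowerShell script below is an added example, not part of the original post; it only reads and reports. Its assumptions: %System% is the Windows system directory, the 32-bit locations (SysWOW64, WOW6432Node) are worth checking on 64-bit Windows, and a StubPath made up only of hexadecimal characters (the placeholder shown above) is worth a manual look.

```powershell
# Read-only check for the artifacts listed in steps 1 and 2. Nothing is deleted or changed.
$fileNames = 'ns2dos.exe','ns2dos','ns6dos.exe','ns6dos','ns7dos.exe','ns7dos','nsdos2.exe','nsdos2'
$runValues = 'nsdos-debugg','msdos-debug','msdos-debug2'
$findings  = @()

# %System% normally resolves to System32. SysWOW64 is checked as well
# (assumption: a 32-bit sample on 64-bit Windows would be redirected there).
$sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ }

foreach ($dir in $sysDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = $item.LastWriteTime }
        }
    }
}

# Run key: native view and the 32-bit (WOW6432Node) view.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($v in $runValues) {
        if ($props.PSObject.Properties.Name -contains $v) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$key\$v"; Detail = $props.$v }
        }
    }
}

# Active Setup: the CLSID is random, so every component is inspected.
# Assumption: legitimate StubPath values are command lines, so a value made up
# only of hexadecimal characters is reported for manual review.
$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
foreach ($comp in (Get-ChildItem -Path $activeSetup -ErrorAction SilentlyContinue)) {
    $stub = (Get-ItemProperty -Path $comp.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
    if ($stub -and $stub -match '^[0-9A-Fa-f]+$') {
        $findings += [pscustomobject]@{ Type = 'ActiveSetup (review)'; Location = $comp.Name; Detail = $stub }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed files or registry values were found.' }
```

Run it from an elevated PowerShell prompt so the system directory and HKLM keys are fully readable, and keep the output as a record of what was found before removal.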

Recommended solution
Using a virus removal program is the most common solution. Such programs can remove the Trojan effectively without damaging the computer. If you have an antivirus program, try it to remove Infostealer.Nasdosto before you use any other method. Entering Safe Mode with Networking may help.

To remove Infostealer.Nasdosto completely, an antispyware program is found to be more effective than general antivirus software. So if your antivirus program cannot remove the Trojan completely, you could download an advanced antispyware program like Spyware Cease.