sshnas.dll or sshnas21.dll is a component of trojan FakeAlert. The trojan come from malicious websites that ask users to download an Adobe Flash Player update or player needed to view a movie online. The filename of the trojan is flash-HQ-plugin. Once started, the trojan will download and install core components: c.exe, msa.exe and sshnas.dll (sshnas21.dll). When downloaded, it will be configured to start automatically when Windows starts. Trojan FakeAlert may display many popups and fake security alerts, hijack Internet Explorer, disable Windows Task Manager and Registry editor.Also it is usually installed in conjunction with a rogue antispyware programs.
If your computer is infected, then use these removal instructions below, which will remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Videohost] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddConsoleAliasAW
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AllocConsoleA
O4 – HKCU\..\Run: [Halo2] rundll32.exe C:\Users\username\AppData\Local\Temp\sshnas21.dll,GetMainWnd
Use the following instructions to remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert
Step 1.
Please download OTM by OldTimer from here and save it to desktop.
Run OTM. Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:services
SSHNAS
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Videohost"=-
"SSHNAS"=-
"LosAlamos"=-
"Halo2"=-
:files
%windir%\msa.exe
%windir%\system32\sshnas.dll
%windir%\system32\sshnas21.dll
%windir%\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
%windir%\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[emptytemp]
[Reboot]
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button. MalwareBytes Anti-malware will now remove all of associated Trojan FakeAlert files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Trojan FakeAlert creates the following files and folders
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\msa.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
%UserProfile%\Local Settings\temp\a.exe
%UserProfile%\Local Settings\temp\b.exe
%UserProfile%\Local Settings\temp\c.exe
C:\WINDOWS\system32\sshnas.dll
Trojan FakeAlert creates the following registry keys and values
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sshnas
well done ! OTM you are simply the best
thanks alot man!!! worked perfectly!
Awesome man, It worked perfectly fine. I used OTM.exe. I have a question here. Can i use this OTM.exe to cleanup my temp files and other unwanted stuff every week. What the command? Can you help me?
Gopal, to clean your temp files use ATF Cleaner by Atribune – good, free and small tool. Download it from here.
Really You are Great!!! My comp is working now!
Many good things to YOU! Thank`s a LOT for your KINDNESS and TIME dedicate for us!!!!!
Good day from Italy!
Thank you, you saved me!
Cheers thanks alot for taking the time and effort to help us out… Great work.
Worked perfectly!! Thank you VERY much!!!
Worked perfectly. Thank you VERY much!!!
Excellent. It worked perfectly. Thanks you very much.I had been using more than 2 antivirus softwares but none of them could solve that problem. thank again
thank u very much it really works
this works very well, thank you !!
Thanks alot,
worked
Thanks! Got rid of that problem! Seems I have more though 🙁 Is there any good program out there anymore for stopping these things?? I have used Norton, AVG, and Avira but keep ending up with these trojans. I update and scan religiously. I also scan regularly with Spybot, Malwarebytes, and AdAware and all missed this….and periodically wit CCleaner…why is it Malwarebytes needs Old Timer to be run first in order to detect the issues? Just trying to understand and keep it from happening again.
Bonjour, hola ,
Meric beaucoup pour votre aide. Tout est claire et efficace. Bonne continuation.
Bedankt, werkt klasse….
Thnx, works great….
Kelly, at moment of writing the instructions above, Malwarebytes could not completely remove this infections.
Thank you a lot.I had the message for more then a half of year.Your instructions fix my computer.
Good job
Thank you very much. I followed your instructions and that solved my problem.
🙂
Thanks dude it really worked
Thank~ Really Work For Me~
Fantastico !!!! realmente funciona muchas gracias se ha resuelto el problema en mi Vista he seguido los 2 pasos y holahop! PERFECTO!
Thank you. That would be very helpful..
phew, a solution!!! Superb!! Many Thanks OTM!!
Thanks, thanks, thanks
MUCHAS GRACIAS
SUPERÉ MIS DESCONFIANZAS Y TEMOERES PARA SEGUIR LAS INSTRUCCIONES, PERO FUNCIONÓ Y SE ELIMINÓ EL VIRUS. REINTERANDOLES MI AGRADECIMIENTO QUEDO DE USTED(ES, MUCHAS GRACIAS
thanks a lot
thank you soo much! it worked!!
Thank you so much!!! You saved me a lot o ftime and nerves…. Thank you
It works. And not only removed the trojans and malicious programs but all of the pop outs too.You guys are great. I’ll add you to my favorites rigth now. By the way, I know exacly where i got the trojan that gave me so much trouble. Is there a way that i can tell on them so they can screw the sons of bitches..?