sshnas.dll or sshnas21.dll is a component of trojan FakeAlert. The trojan come from malicious websites that ask users to download an Adobe Flash Player update or player needed to view a movie online. The filename of the trojan is flash-HQ-plugin. Once started, the trojan will download and install core components: c.exe, msa.exe and sshnas.dll (sshnas21.dll). When downloaded, it will be configured to start automatically when Windows starts. Trojan FakeAlert may display many popups and fake security alerts, hijack Internet Explorer, disable Windows Task Manager and Registry editor.Also it is usually installed in conjunction with a rogue antispyware programs.
If your computer is infected, then use these removal instructions below, which will remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Videohost] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddConsoleAliasAW
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AllocConsoleA
O4 – HKCU\..\Run: [Halo2] rundll32.exe C:\Users\username\AppData\Local\Temp\sshnas21.dll,GetMainWnd
Use the following instructions to remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert
Step 1.
Please download OTM by OldTimer from here and save it to desktop.
Run OTM. Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:services
SSHNAS
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Videohost"=-
"SSHNAS"=-
"LosAlamos"=-
"Halo2"=-
:files
%windir%\msa.exe
%windir%\system32\sshnas.dll
%windir%\system32\sshnas21.dll
%windir%\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
%windir%\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[emptytemp]
[Reboot]
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button. MalwareBytes Anti-malware will now remove all of associated Trojan FakeAlert files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Trojan FakeAlert creates the following files and folders
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\msa.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
%UserProfile%\Local Settings\temp\a.exe
%UserProfile%\Local Settings\temp\b.exe
%UserProfile%\Local Settings\temp\c.exe
C:\WINDOWS\system32\sshnas.dll
Trojan FakeAlert creates the following registry keys and values
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sshnas
thank you so much.. it worked.. thanks again
Thanks a lot!!!!!!!
It’s the best solution i’ve found. It work perfectly, very helpful
it’s work! thanks!
Nah, just forget all that above. You don´t need to install any program at all. Just:
1.Manually delete the registry keys above. (run, regedit)
2.Manually delete all the files listed on the explanation.
3.Run msinfo and check if there are any unknown process being still loaded.
Simple and fast!
it is ok that i dont install the malware???BUT I INSTALL the otm??pls answer quick
Thanks dude it really worked!!!
pogi, OTM will remove only core component of the trojans. To remove any associated malware you need you a good antispyware (Malwarebytes, SuperAntispyware, etc).
It WORKED!!! Thanks a LOT!!!
Thank so much bro! works perfectly!
Thanks for your help! you are your most countries;)
can i delete the log notepad after the scanned?
Yes, of course 🙂
Thank you so much…muchas gracias…arigato…you
saved my PC
This one is great stuff, IE8 works after removing this trojan!! Thank you!
thanks for the information. it really helped me a lot.
thanks a lot. all work has benn done and it works! really great explanation.
Me quito el problema, Gracias excelente. salvo mi PC.
Worked like a dream. ESET picked up the virus but couldn’t remove the .dll file because it was in use. I tried killing the process, stopping unknown services and then eventually using unlocker to unlock the file to delete it, but it wouldn’t work. This tutorial was excellent and worked beautifully. Thanks.
Increible… muchas gracias por la informacion, me ayudaron a remover el problema. Muchas Gracias
Thanks from Israel!
use Control Panel-Folder option-wiew-check hidden files and folders
unchek hide protected operating sistem files
aplly
download HijackThis free.antivirus.com/hijackthis/
instal
close all program
scan with HijacThis and check sshnas.dll and fixit.
ENJOY………….
Thanks a lot it worked for me too.
My laptop is infected with sshnas21 trojan. I used OTM and Malwarebytes. sshnas21 together with 14 other trojans removed. Thank you very much for the fix.. 🙂
I have Avira Premium Security Suit. It has detect and wiped out this malicious software but did not remove annoying message about sshnas.dll at my Windows 7 start-up log-on.
So thank you 😉 !
Start-search-msconfig-startup-check sshnas.dll and disable
Enjoy………
thanks alot, this was gr8..
(smillllleeeessssss)
funktioniert wirklich DAnke !
thank you very very much
Thanks a lot. It works well!
This was very helpful. Thank you very much !