sshnas.dll or sshnas21.dll is a component of trojan FakeAlert. The trojan come from malicious websites that ask users to download an Adobe Flash Player update or player needed to view a movie online. The filename of the trojan is flash-HQ-plugin. Once started, the trojan will download and install core components: c.exe, msa.exe and sshnas.dll (sshnas21.dll). When downloaded, it will be configured to start automatically when Windows starts. Trojan FakeAlert may display many popups and fake security alerts, hijack Internet Explorer, disable Windows Task Manager and Registry editor.Also it is usually installed in conjunction with a rogue antispyware programs.
If your computer is infected, then use these removal instructions below, which will remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Videohost] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddConsoleAliasAW
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AllocConsoleA
O4 – HKCU\..\Run: [Halo2] rundll32.exe C:\Users\username\AppData\Local\Temp\sshnas21.dll,GetMainWnd
Use the following instructions to remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert
Step 1.
Please download OTM by OldTimer from here and save it to desktop.
Run OTM. Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:services
SSHNAS
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Videohost"=-
"SSHNAS"=-
"LosAlamos"=-
"Halo2"=-
:files
%windir%\msa.exe
%windir%\system32\sshnas.dll
%windir%\system32\sshnas21.dll
%windir%\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
%windir%\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[emptytemp]
[Reboot]
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button. MalwareBytes Anti-malware will now remove all of associated Trojan FakeAlert files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Trojan FakeAlert creates the following files and folders
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\msa.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
%UserProfile%\Local Settings\temp\a.exe
%UserProfile%\Local Settings\temp\b.exe
%UserProfile%\Local Settings\temp\c.exe
C:\WINDOWS\system32\sshnas.dll
Trojan FakeAlert creates the following registry keys and values
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sshnas
good information, it works for me…thanks a lot.
I believe I finally got rid of that bothering dialogue box. Thanks a lot!
OH MY GOD!! THANK YOU VERY MUCH!! NO MORE ALERTS!!
You’re surely a HERO for all users who got sshnas.dll or sshnas21.dll errors ;-D
Mil gracias por esta solución, mi equipo quedo limpio del todo, cabe comentar que la pantalla queda un rato en negro al reinisiarla OTM, no se espanten como yo, dejen que termine el proceso. Y si es necesario hacer el paso 2, MBAM encontro otros troyanos que tenia mi sistema. Confien en esta solución. Saludos!!!!!!!!!!!!!!!!!!!
Hi.. thnk you so much for the help.. all the steps worked perfectly n my laptop is trojan free.. 😀 thnk you so much.. !!!
Thanks to this. But i recommend all of you to use ESET smart security 4 🙂
Wonderfull. this is really helpful…now my computer is free from trojan! thank you so much!
worked like a charm
Sos un genio!!!!
Thankssssssss XD :-))))))))