sshnas.dll or sshnas21.dll is a component of trojan FakeAlert. The trojan come from malicious websites that ask users to download an Adobe Flash Player update or player needed to view a movie online. The filename of the trojan is flash-HQ-plugin. Once started, the trojan will download and install core components: c.exe, msa.exe and sshnas.dll (sshnas21.dll). When downloaded, it will be configured to start automatically when Windows starts. Trojan FakeAlert may display many popups and fake security alerts, hijack Internet Explorer, disable Windows Task Manager and Registry editor.Also it is usually installed in conjunction with a rogue antispyware programs.
If your computer is infected, then use these removal instructions below, which will remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Videohost] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddConsoleAliasAW
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AllocConsoleA
O4 – HKCU\..\Run: [Halo2] rundll32.exe C:\Users\username\AppData\Local\Temp\sshnas21.dll,GetMainWnd
Use the following instructions to remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert
Step 1.
Please download OTM by OldTimer from here and save it to desktop.
Run OTM. Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:services
SSHNAS
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Videohost"=-
"SSHNAS"=-
"LosAlamos"=-
"Halo2"=-
:files
%windir%\msa.exe
%windir%\system32\sshnas.dll
%windir%\system32\sshnas21.dll
%windir%\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
%windir%\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[emptytemp]
[Reboot]
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button. MalwareBytes Anti-malware will now remove all of associated Trojan FakeAlert files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Trojan FakeAlert creates the following files and folders
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\msa.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
%UserProfile%\Local Settings\temp\a.exe
%UserProfile%\Local Settings\temp\b.exe
%UserProfile%\Local Settings\temp\c.exe
C:\WINDOWS\system32\sshnas.dll
Trojan FakeAlert creates the following registry keys and values
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sshnas
Its working on windows 7 and deleted the files…..but Malwarebyte keep showing that it detect this trojan whenever i start internet explorer..(but no problems)
I’m wondering how it shows it is cleaned and showing the detection each first start of internet explorer? it seems that there is a hidden service or file…any idea?
Thanks a lot, you are the best !!!
Firo, start a new topic in our Spyware removal forum. I will check your PC.
Thanks a lot! worked perfectly! u saved my laptop 🙂
man tnx a lot your description was exellent!!!!!!!
Thanks — it really helped
Thanks from Azerbaijan. Thanks. :)It’s very good.
Thanks a bunch
THANX MACHU>>>>>>>it ws so helpful…..
thx alot, it works perfectly, loph you full
Big thanks for this guide, have been looking since yesterday and was on the brink to reinstall my cp but this really saved me :D! All i have to do now is rapair all the damage i managed to create befor i found this guide x’D
Thank you very much for the answer of this bad problem.
Dave from France
excellent work! thanks from rome! =)
OMG THANK YOU SO MUCH
this guide is excellent
it works excellent!
thank you very much.
you save me from lots of tears.
cheers from croatia!
Thanks man.
thank you very much. perfect instructions.
THANK YOU SO VERY MUCH. KEEP UP THE GOOD WORK!
Yes, ok. I removed. Thansk. No viruse on my pc 🙂
muitissimo util o programa e as recomendaçoes do adm!!
working perfect!!!
thanks!
merci beaucoup grace a ce service j’ai pu réparé mon ordi je le recommande
I had disabled the service sshna on my system when I was scanning through the services running on my PC. When I searched I found your web page and I was able to fully remove the service and he associated files. I then scanned through the malware but it did not find anything on my pc.
Thank you very much!!!!
That was easy!
Thanks !!!
The best help that i saw !
Congratulations on forum!
Thank you so much !!
thx i think this worked for me. but i had to run anti malware before and after OTM.
Thanks a lot!
Thank You very much
It was easy, helpful and now i don’t have any problem.
The site is very good.
!!!!!!!!Bye!!!!!!!!!
I’ve tried to do this. The OTM couldn’t find anything, but the Malwarebytes found seceral files and said that its deleted now.
I dont know if its related to this problem but I execute several programes and sometimes my touchpad freezes. I tried to download an anti-virus but I cannot run that also. Does anybody know what could be the solution?
I updated my win 7 yesterday and since then Its weird.
Thanks!
thank you ….
perfect…