sshnas.dll or sshnas21.dll is a component of trojan FakeAlert. The trojan come from malicious websites that ask users to download an Adobe Flash Player update or player needed to view a movie online. The filename of the trojan is flash-HQ-plugin. Once started, the trojan will download and install core components: c.exe, msa.exe and sshnas.dll (sshnas21.dll). When downloaded, it will be configured to start automatically when Windows starts. Trojan FakeAlert may display many popups and fake security alerts, hijack Internet Explorer, disable Windows Task Manager and Registry editor.Also it is usually installed in conjunction with a rogue antispyware programs.
If your computer is infected, then use these removal instructions below, which will remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Videohost] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddConsoleAliasAW
O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AllocConsoleA
O4 – HKCU\..\Run: [Halo2] rundll32.exe C:\Users\username\AppData\Local\Temp\sshnas21.dll,GetMainWnd
Use the following instructions to remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert
Step 1.
Please download OTM by OldTimer from here and save it to desktop.
Run OTM. Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:services
SSHNAS
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Videohost"=-
"SSHNAS"=-
"LosAlamos"=-
"Halo2"=-
:files
%windir%\msa.exe
%windir%\system32\sshnas.dll
%windir%\system32\sshnas21.dll
%windir%\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
%windir%\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[emptytemp]
[Reboot]
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button. MalwareBytes Anti-malware will now remove all of associated Trojan FakeAlert files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Trojan FakeAlert creates the following files and folders
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\msa.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
%UserProfile%\Local Settings\temp\a.exe
%UserProfile%\Local Settings\temp\b.exe
%UserProfile%\Local Settings\temp\c.exe
C:\WINDOWS\system32\sshnas.dll
Trojan FakeAlert creates the following registry keys and values
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sshnas
tremendous, wonderful help; my pc is clean at this moment;
such post or answers like this we need: short . concise and effective;
Thanks a lot;
Juan
Thanks, and thanks again.
The trojan was succesfully removed.
Thanks man, this had been annoying after I was away for a weekend and let my brother use my computer.
Been looking for awhile to get it solved. You’re the best 🙂
Great guide running the stuff atm, Before i used the OTM, MBAM only found 1 inffected file after i used it MBAM found 4 so i hope im clean, No clue why but if it works im happy and i was yust lucky i googled it after MBAM found it in the first place cause if i didnt i would still have does 3 other files hiding in there sorry for my messed up typing not really sure when to use , and . =P but thx for a great
*edit* Guide
Whoa! I was running windows7 and getting this error!
But it worked! Thanks! You made my day!
I was able to detect this trojan, but this guide helped me fully get rid of it. Thanks for your help!
Thanks a lot. 😉
It really works.
Good yob!
Wow, who are you and why do you help us poor slobs that know squat about computers lol!! But in all honesty, thank you very much for a very clear solution to the problem. I think I got the trojan from trying to install the Adobe flash player form the popup I kept getting – which leads me to ask, when is it Ok to install software from messages like that? I’ve done software upgrades many times in the past with no problem.
Excellent software works great, also had win 7 and got rid of the trojans no problem. Thanks for the guide.
Windows Defender detected and quarantined it, but obviously did not remove it. This worked a treat, thanks. Win7 64x for operating system.
I had Mccafee with me which did remove the dll, but could not remove the startup message. Thanks to this software for helping to remove all the oher spywares along with the startup message
thanks man you rule
hey dude,
it was fantastic. It really worked.
tnx a lot
Thanks man!!!!
thanks!
Patrik, Great Job, Thanks for your support.
thanks a lot from italy!!!
it works on vista too, thanks very very much 🙂
Thanks so much for the help! Norton found this but I still got the “can’t find sshnas.dll” message. Ran MBAM and not only did it fix this problem but found other “leftover” pieces of code that needed to be removed. THANKYOUSOMUCH!
You are the best!!! you save my PC!!!
Thanks for posting this amazing useful tip!
That trojan got very annoying…
You know…I really appreciate the help you provided. It’s benevolent people/orgs like yourself that contribute to humanity rather than screwing us.
Thank you…
Que Deus te abençoe! =P (e amaldiçoe quem criou estes virus! xD)
Thanks from Germany to you,
I followed step 1 + 2 with best result.
after two hours with no result i have found your solution in the web. It was not easy to find, at first.
many thanks. It solved the= “means” MY Problem too.
Otherwise I had to restart the whole program.
Your gift was a longer night. Muc better than a sleepless night with lost time.
Thanks so much!
Easy to follow and worked out well 😀
So awesome!
What would the Internet be without guys like you.!
Thanks for helping me out with this problem
Really works!
Thanks a lot….
great job cleared my problems first go thank you very much
You fixed it, thanks a lot!