Sections:
Introduction:
Today I noticed a little piece of malware running in the background which apparently just takes up CPU cycles (around 20% for me) and wastes bandwidth by downloading things.
I’m not sure what it downloads, because my firewall blocked its connection. Some people say it downloads more malware but I don’t know for sure. Either way it’s probably not something you want 😉
So I ran the programs that usually work (MalwareBytes, SuperAntiSpyware and Spybot) but none of them removed it. MalwareBytes said it was going to but it kept reappearing after a restart.
So, I did a search around the net and found how to remove it, but it was buried several posts in on a forum thread, so I thought I should make this guide to be more straight-forward than that.
Note that this fix works for most versions of Windows (XP, 2000, Vista and 7) but I made it on Windows 7, so the steps may be slightly different for other versions of Windows. It should still be straight-forward, though.
Am I Infected?
To see if you are infected with it, open Task Manager (ctrl+alt+del then click Start Task Manager), make sure you’re on the Processes tab, then click the Show processes from all users button at the bottom of that window.
Make sure the list is sorted by Image Name and see if stdrt.exe is listed there. If it isn’t there, congratulations! If you see it, follow the instructions below.
Step 1:
Download ComboFix as Combo-Fix.exe (not ComboFix.exe which is the default) and remember where you saved it.
Step 2:
Boot into Safe Mode.
To do this, restart the computer and as it is starting up, keep pushing F8 until you come to an option screen. Use the arrow keys to select Safe Mode and push Enter.
Step 3:
When Windows is loaded, find your Combo-Fix.exe and run it. Now just read the prompts and click accordingly, it’s a straight-forward process.
When it is finished cleaning your computer it will automatically restart it.
After that restart, it will take a few more minutes to finish up, so don’t use the computer until it is done.
Voila!
Thanks:
Artreid from the VistaHeads forum for the post that inspired this one.
August 23, 2011 at 9:54 pm
Didn’t work.
March 31, 2012 at 2:59 am
useless
August 15, 2012 at 12:14 pm
“stdrt.exe”, removal, finally.
Finally I have defeated the “stdrt.exe” that hides in C:/windows/temp/mrd……
It took me some time to deal with it but finally with the help of the free edition of “Malwarebytes”, it has gone, I found in my search for what it was that it is a programme that eats up your memory, and that it keeps re-appearing after removal on reboot.
There is a small programme that is hidden in your root files that re-installs this nasty little thing every time you re-boot, I don’t know what it is but this is how I got rid of this little pest.
I scanned the file “stdrt.exe” by right clicking on it then from the dropdown menu selected “scan with Malwearebytes”, after the scan Malwear asks you what you want to do, select “Remove selection” but do not re-boot at this stage.
Then go and do a “quick scan” of your system in Malwearbytes, you should end up with about 6 Infections, one of these is the root programme, only 5 of mine were selected automatically, so I selected the 6’th and then selected “Remove selection”.
You will now be prompted to re-boot your system, do it now.
On re-boot no more “stdrt.exe”.
Feel free to pass on this Info.
August 17, 2012 at 8:07 am
The only program that worked for me was UnHackMe and it removed the originating malware file: lnsecsl.exe … none of the other methods worked this was the only option that did work for me, hopefully it’ll work for you.
April 27, 2015 at 10:36 am
The combo fix did get rid of the stdrt.exe I tried several programs . Combofix removed it. Thanks for the tip
June 26, 2015 at 6:52 pm
Great program. It is the only one which really work for me. Finally stdrt.exe is gone. Uff! Thanks a lot for this tip.
March 26, 2016 at 12:34 pm
I’m using Windows Xp Pro and these two files were found relating to this pest.
They are: C :\Windows\Prefetch and Lnsecsl.exe-0200d9.pf C :\Windows\System32