Trojan Vundo in psqlpwd.dll & Registry entries


- If this is not the correct forum, please advise and I will repost. Thanks.

The Problem:

- I updated Malwarebytes on my XP Pro Toshiba laptop last night and ran it.

- This morning it reports Trojan Vundo in...

C:\Windows\System32\psqlpwd.dll

HKey_LocalMachine\software\microsoft\windows\CurrentVersion\SharedDLL\Windows\System32\psqlpwd.dll Value c:\windows\system32\psqlpwd.dll

HKey_LocalMachine\software\microsoft\windows NT\Current Version\Winlogon\Notify\psfus

Apparently this has to do with the fingerprint device on my Toshiba Tecra laptop (Fingerprint Protector Suite Check), and Googling it I find at least one place that tells me not to remove it.

The Question:

- How do I get rid of this malware without having to reinstall the system?

I really appreciate any help.

Thanks.


Anybody know if this is a false positive? It was never there before... so I conclude that my XP-Pro laptop was just infected with it.

And... if it is NOT a false positive... then I still do not know if it is safe to let Malwarebytes "remove" it and the two registry entries.

Thanks for any help on what I should do next.


Check the False Positive part of the forum. I posted a thread there and it's been resolved. I also have a Thinkpad laptop. :D

I always google stuff now before I let any security software get rid of anything, after having permanently lost a file I didn't want to lose to security software a few months back. This .dll had such an oddball name that it really startled me to see it come up last night, but I took a deep breath and did some more checking. The Malwarebytes people were very quick to respond to this. Great job! I'm really impressed.


  • Root Admin
Type: Winlogon Notify

Name: psfus

Filename: psqlpwd.dll

Description: Protector_Suite

This entry is classified as legitimate.

It is either part of a legitimate program or the operating system itself. Removal is not needed.

I would post in the FP forum and try to upload the file just in case some Malware has injected it.
