Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
Published Jul 11, 2005 | Updated Sep 15, 2017

Backdoor:Win32/Samsteal.A.dll

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Backdoor:Win32/Samsteal.A.dll is a component of Backdoor:Win32/Samsteal.A. The .dll file is dropped by Backdoor:Win32/Samsteal.A.dr. It is used to log keystrokes and collect data from the Windows registry. This information is uploaded to certain Web sites or sent in e-mail attachments by Backdoor:Win32/Samsteal.A.
To recover manually from Backdoor:Win32/Samsteal.A.dll, follow these steps:
  1. Disconnect from the Internet.
  2. Perform the manual recovery steps for Backdoor:Win32/Samsteal.A.
  3. Delete the .dll file.
  4. Restart your computer.
  5. Take steps to prevent re-infection.

Disconnect from the Internet

To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding. Print this Web page or save a copy on your computer; then unplug your network cable and disable your wireless connection. You can reconnect to the Internet after completing these steps.

Perform the manual recovery steps for Backdoor:Win32/Samsteal.A

Follow the manual recovery instructions for the parent variant Backdoor:Win32/Samsteal.A.

Delete the .dll file

To delete the .dll file
  1. Click Start, and click Run.
  2. In the Open field, type %windir%\VirtualMGR, for example, C:\Windows\VirtualMGR
  3. Click OK.
  4. Click Name to sort files by name.
  5. If the files winsock.dll and winfw32.dat are in the list, delete them.
  6. On the Desktop, right-click the Recycle Bin and click Empty Recycle Bin.
  7. Click Yes to confirm the deletion.

Restart your computer

To restart your computer
  1. On the Start menu, click Shut Down.
  2. Select Restart from the drop-down list and click OK.

Take steps to prevent re-infection

Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.
Follow us