|  11-02-2004, 11:28 AM | #1 | 
| Too lazy to set a custom title Industry Role:  Join Date: Jul 2001 
					Posts: 59,204
				 | 
				
				I hate asking it but I need help getting rid of a trojan
			 1: I normally don't get infected.
			 2: I'm usually the person who knows how to clean other people's computers.
			 But I'm stuck with this highly annoying trojan which won't go away. AVG and Panda online scan can't get rid of it. AVG finds the infected file, heals it, but it keeps coming back, even when I manually delete the infected/healed file. It's the trojan backdoor.midrug.b. It creates a file called msrss32.dll in the windows/system32 dir every time I reboot. Of course I deleted that file but it just keeps appearing. It opens something in the background which spoofs an Internet Explorer page when checking what programs are running. This is the part where it opens a port, I guess. Anybody any clue? The problem is Google shows nothing about the trojan. |
|  11-02-2004, 11:29 AM | #2 | 
| Confirmed User Join Date: Jul 2004 
					Posts: 4,857
				 | slowly roll it down off your cock, then set it gently into a garbage can |
|  11-02-2004, 11:38 AM | #3 | 
| Confirmed User Join Date: Mar 2002 
					Posts: 1,130
				 | Check the Prefetch dir; you probably have a file there that keeps loading it into RAM.
|  11-02-2004, 11:38 AM | #4 | 
| Confirmed User Join Date: Dec 2001 Location: Sunny Queensland - perfect one day and better the next. 
					Posts: 2,106
				 | Download the trial version of Kaspersky - kaspersky.com - you might find that gets rid of it. We've run AVG and Panda and they have missed a lot of stuff that Kaspersky has found and healed. 
|  11-02-2004, 11:40 AM | #5 | 
| When it rains, it pours Industry Role:  Join Date: May 2003 
					Posts: 20,609
				 | |
|  11-02-2004, 11:49 AM | #6 | 
| Confirmed User Join Date: Jan 2001 Location: EU 
					Posts: 6,103
				 | Turn System Restore off in Windows... restart... delete the file... restart again and turn System Restore on... I hope it will work |
|  11-02-2004, 11:49 AM | #7 | 
| Too lazy to set a custom title Industry Role:  Join Date: Jul 2001 
					Posts: 59,204
				 | Thanks will check it out. | 
|  11-02-2004, 11:53 AM | #8 | 
| ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer 
					Posts: 28,609
				 | A good tip when tracking down bad files is to view common Windows directories by date and see new programs. Use the search function and search for exe files created within the last few days.
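The tip in post #8 as a script, added here as an example and not posted by anyone in the thread: it lists files created within the last few days under the given directories, keeps only those that really start with the PE "MZ" header, and hashes each hit so it can be looked up. It goes slightly beyond the post by covering .dll as well as .exe; the function names, the 3-day default and the System32 path are assumptions.

```python
import hashlib
import os
import time

# .dll is included as well as .exe: the file in this thread is msrss32.dll
PE_EXTENSIONS = {".exe", ".dll"}

def created_time(st):
    # Creation time where the platform exposes st_birthtime; otherwise fall
    # back to st_ctime (creation time on older Windows Pythons, but the
    # inode-change time on Linux, so only an approximation there).
    return getattr(st, "st_birthtime", st.st_ctime)

def is_pe(path):
    # Real .exe/.dll files start with the two-byte DOS header "MZ".
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_recent_binaries(roots, days=3, now=None):
    """Return (created, path, sha256) for PE files newer than `days`, newest first."""
    cutoff = (time.time() if now is None else now) - days * 86400
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if os.path.splitext(name)[1].lower() not in PE_EXTENSIONS:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    created = created_time(os.stat(path))
                    if created >= cutoff and is_pe(path):
                        hits.append((created, path, sha256_of(path)))
                except OSError:
                    continue  # locked, unreadable or deleted mid-scan
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    windir = os.environ.get("SystemRoot", r"C:\Windows")  # assumed default
    for created, path, digest in find_recent_binaries([os.path.join(windir, "System32")]):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(created))
        print(stamp, digest, path)
```

File timestamps can be rewritten by the malware itself, so an empty result narrows the search but does not prove the directory is clean.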
|  11-02-2004, 12:09 PM | #9 | 
| So Fucking Outlawed Industry Role:  Join Date: Nov 2001 
					Posts: 5,114
				 | Try using  Spy Sweeper | 
|  11-02-2004, 12:15 PM | #10 | 
| Confirmed User Join Date: Sep 2003 Location: Los Begas 
					Posts: 9,162
				 | I found the backdoor.midrug.a variant listed on some foreign sites. This Chinese site says their anti-virus shareware program will fix it. (The "a" variant that is) Hopefully the program menus aren't in Chinese though  | 
|  11-02-2004, 12:16 PM | #11 | 
| WW4L Join Date: Oct 2002 Location: over the river and through the woods 
					Posts: 10,581
				 | I have the same thing... and nothing has worked. It won't even let my system restore work, so it's c/format for me. I am just getting all my "stuff" on CDs and getting my programs in order. This thing is nuts. |
|  11-02-2004, 12:19 PM | #12 | 
| Too lazy to set a custom title Industry Role:  Join Date: Jan 2001 
					Posts: 51,692
				 | I have a computer infected with that too. I gotta format it anyways, it's full of crap |
|  11-02-2004, 12:25 PM | #13 | 
| Confirmed User Join Date: Mar 2004 Location: DK 
					Posts: 735
				 | Last edited by Lensman on 11-02-2004 at 05:40 PM Last edited by SmokeyTheBear on 11-02-2004 at 05:51 PM  They really are the same person. 
|  11-02-2004, 02:10 PM | #14 | 
| Confirmed User Join Date: Dec 2002 Location: Br00klyn, NY 
					Posts: 245
				 | The trojan is most likely loaded in memory. Drop down to safe mode and delete the DLL. If that doesn't help, get a program called hijack and see what else is loaded in memory.
|  11-02-2004, 02:15 PM | #15 | |
| Confirmed User Join Date: Sep 2003 Location: Los Begas 
					Posts: 9,162
				 | Quote: 
 | |
|  11-02-2004, 02:24 PM | #16 | 
| sell me your banners Industry Role:  Join Date: Dec 2003 Location: on the tubes 
					Posts: 12,931
				 | Maybe it changed something in your registry? I'd recommend PestPatrol for anything spyware/backdoor/trojan; it finds everything and deletes it too. Dunno if spending $$$ on all that software is useful for just this one case.
|  11-02-2004, 02:38 PM | #17 | 
| Confirmed User Join Date: Sep 2002 Location: The Internet 
					Posts: 2,681
				 | just format and it's all good again.  | 
|  11-02-2004, 02:39 PM | #18 | 
| Too lazy to set a custom title Join Date: Jun 2003 Location: Jesusland 
					Posts: 10,017
				 | Many times system restore is your enemy when you're trying to clean your computer. Always disable it first. 