I hate asking it but i need help getting rid of a trojan
 

1: I normally dont get infected
2: Im usually the person who know how to clean other peoples computer.

But im stuck with this highly annoying trojan which wont go away.
AVG and Panda online scan cant get rid of it.

AVG finds the infected file, heals it but it keeps coming back. Even when i manually delete the infected/healed file.

Its the trojan backdoor.midrug.b. It creates a file called msrss32.dll in the windows/system32 dir every time i reboot. Ofcourse i deleted that file but it just keeps appearing. It opens something in the background which spoofs an internet explorer page when checking what programs are running. This is the part where it opens a port i guess.

Anybody any clue? The problem is google shows nothing about the trojan.

slowly roll it down off your cock, then set in gently into a garbage can

check the Prefetch dir
probably have a file there that keeps loading it into the ram

Download the trial version of Kaspersky - kaspersky.com - you might find that gets rid of it.

We've run AVG and Panda and they have missed a lot of stuff that Kaspersky has found and healed.

House Call (Trend Micro)

http://housecall.trendmicro.com/hous...start_corp.asp

turn system restore off in windows..restart...delete the file...restart again and tunr system restore on...I hope it will work

Thanks will check it out.

A good tip when tracking down bad files is to view common windows directories by date and see n programs..

use the search function and search for exe files created within the last few days..

Try using
Spy Sweeper

I found the backdoor.midrug.a variant listed on some foreign sites.

This Chinese site says their anti-virus shareware program will fix it. (The "a" variant that is)

Hopefully the program menus aren't in Chinese though :winkwink:

I have the same thing...and nothing has worked.. it wont even let my system resotre work..so its c/format for me. I am just getting all my "stuff" on cd's and getting my programs in order.

this thing is nuts..

I have a computer infected with that too . I gotta format it anyways it's full of crap

Last edited by Lensman on 11-02-2004 at 05:40 PM
Last edited by SmokeyTheBear on 11-02-2004 at 05:51 PM

:helpme They really are the same person.

the trojan is most likely loaded in memory.. drop down to safe mode and delete the dll. if that doesnt help get a program called hijack and see what else is loaded in memory.

maybe it changed something in your registry?

I'd recommend PestPatrol for anything spyware/backdoor/trojan it finds everything and deletes it too.

dunno if spending $$$ on all that software is usefull for just this one case.

just format and it's all good again.:2 cents:

Many times system restore is your enemy when you're trying to clean your computer. Always disable it first.