
Backdoor.Mard ........ HOW do I remove it

Discussion in 'Virus & Other Malware Removal' started by Gary R, Jan 21, 2003.

Thread Status:
Not open for further replies.
  1. Gary R

    Gary R Thread Starter

    Joined:
    Aug 9, 2001
    Messages:
    1,440
    Updated AVG today (Tues) & ran it. It detected the following:

    Backdoor.mard in Mirc32.exe.

    What is the procedure for removing it?
    Do I have to back up all files, or can it be disposed of safely?
    How come AVG & ZoneAlarm (both freeware versions) let it through?
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    because it's not a virus, it's a trojan..........a/v software is not equipped to deal with most trojans.
    if avg detected it, see if it can deal with it..........if so, it should be ok.
    in any case, download "the cleaner" www.moosoft.com
    update and run the program.
    it will deal with it.
    need any more help........just ask.
    good luck;)
     
  3. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    ZoneAlarm manages internet traffic, that's all.

    You said AVG detected it, and then you said AVG let it through :confused:
     
  4. Gary R

    Gary R Thread Starter

    Joined:
    Aug 9, 2001
    Messages:
    1,440
    UPDATE!!!!

    Just tried to run mIRC32 ...... When AVG fixed the trojan, it removed the mirc32.exe file, so I will have to reload the program :(

    $teve .... Ok, thanks for info on that Trojan program. Will take a look at it. Might be good idea to get it since I get on IRC fairly often.

    Brendandonhu....

    Ok, here's what happened, AVG had an update on their site & so I downloaded it. After doing so, I ran it, and it said Backdoor.mard had been detected but that was all--it didn't offer to fix or quarantine it.
    Each time I clicked on the Mirc folder a warning screen came up warning me that Backdoor.mard was found and did I want to keep it from working, & AVG showed an "Allow Access" NO button and it also ran a 30 second timer. I would hit enter, & the warning screen would go away. I looked around in Mirc folder to see if I could find something--I didn't tho' :)

    I posted my question..., then just for the heck of it I ran WindowWasher 4.7 with all boxes except those for AOL checked, then scandisk, & Defrag.
    After running Defrag, I then ran AVG, & this time it informed me Backdoor32.mard had been found and was being fixed. Then it said the trojan had been quarantined.
    I turned the comp off, let it set a minute or so, then turned it back on, and there was no AVG warning, so out of curiosity I ran AVG again & it said everything was fine -- no viruses detected....
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    gary.....if you use mirc then the cleaner is a good thing to have.
    it sits there silently monitoring your system and won't let anything change any registry settings until you ok it, which is handy if anything sneaks by your firewall. ;)
     
  6. Enigma_DS

    Enigma_DS

    Joined:
    Jan 24, 2003
    Messages:
    5
    I have reason to believe this is a bug in the newest update that Grisoft/AVG released on Jan/21/2003. I have two old copies of mirc 5.7 sitting on a backup partition that AVG picked as being "backdoor.mard". While info on backdoor.mard seems to be non-existent.. all I've managed to find is that it first showed up late summer of 2000. So I really have no idea how it is contracted. But I watch my systems heavily and keep them up to date so it seems weird this would just happen. To test this theory I downloaded a clean (or so I hope) copy of 5.7 from http://mirc.stealth.net/download/oldver.html and scanned it with AVG.. sure enough it claimed the mirc32.exe for 5.7 was infected with "backdoor.mard". I'm starting to question if this is an error in Grisoft's latest AVG update. Granted in theory it could be possible that as soon as I downloaded and extracted the file something in the background could have infected the mirc32.exe file; that seems out of the question as I know everything that's running in the background and it's the normal services that have always been running. Also if AVG picks up backdoor.mard in mirc32.exe in theory it should pick it up elsewhere. Again having no idea how backdoor.mard works it's only a guessing game right now. Older versions of AVG didn't pick this up and it doesn't pick this up with mIRC v6.03

    I'll report the findings of the rest of my test soon.

    oh and AVG for me when it found it "healed its self" (quarantined it).
     
  7. Enigma_DS

    Enigma_DS

    Joined:
    Jan 24, 2003
    Messages:
    5
    My testing with an older version of AVG and with the latest version of The Cleaner found nothing. This has got to be an error with Grisoft's latest AVG update. I even ran the so-called trojan and watched where I connected to.. the only thing I connected to was the server I wanted to connect to. I don't see any weird connections while running it. I'm reporting this to Grisoft/AVG and see what they say. Seeing as this backdoor.mard is almost 3 years old I don't think there would be some all of a sudden out of nowhere update to it.
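
The cross-check described in the two posts above (scan a fresh copy from the publisher, then compare the verdicts of the new AVG update, an older AVG and The Cleaner), as an added example that is not part of the original thread. The function names, outcome codes and placeholder file bytes are this example's assumptions, and a hash match is only as trustworthy as the place the reference copy was downloaded from.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    # Hash in chunks so large executables are not read into memory at once.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(flagged_path, reference_path, verdicts):
    """verdicts: {scanner: {"flagged": bool, "reference": bool}}, True = detected.
    The outcome codes are this example's own labels, not any vendor's."""
    identical = sha256_of(flagged_path) == sha256_of(reference_path)
    local_hits = [s for s, v in verdicts.items() if v["flagged"]]
    ref_hits = [s for s, v in verdicts.items() if v["reference"]]
    if not local_hits:
        return "no-detection"
    if len(ref_hits) == len(verdicts):
        # Every scanner flags the fresh download: distrust the download source.
        return "reference-suspect"
    if identical:
        # Local file is byte-for-byte the publisher's build and scanners disagree.
        return "likely-false-positive"
    if ref_hits:
        # The reference is flagged too, but the local file is a different binary.
        return "local-file-unverified"
    return "local-file-suspect"

def demo():
    """Constructed inputs: placeholder bytes stand in for mirc32.exe copies."""
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in (("reference", b"MZ constructed build"),
                           ("backup", b"MZ constructed build"),
                           ("modified", b"MZ constructed build + extra")):
            paths[name] = os.path.join(d, name + ".bin")
            with open(paths[name], "wb") as fh:
                fh.write(data)
        hit, miss = {"flagged": True, "reference": True}, {"flagged": False, "reference": False}
        thread = {"AVG 1/21/2003 update": hit, "older AVG": miss, "The Cleaner": miss}
        only_local = {"flagged": True, "reference": False}
        return (triage(paths["backup"], paths["reference"], thread),
                triage(paths["modified"], paths["reference"], thread),
                triage(paths["modified"], paths["reference"], {"scanner A": only_local}))

if __name__ == "__main__":
    print(demo())
```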
     
  8. Enigma_DS

    Enigma_DS

    Joined:
    Jan 24, 2003
    Messages:
    5
    So AVG agrees this seems to be an error in the latest update. Here is an email I got from them in reply to my reporting of this problem.




    Dear Sir/Madam,

    We are very sorry about the problem
    Reported problem will be solved in the next update of AVG 6.0 Anti-Virus

    Best regards,

    Miroslav Koutny
    AVG Technical Support

    website: http://www.grisoft.com
    mailto: [email protected]
    On Fri, 24 Jan 2003 03:48:24 -0500 you wrote:

    >I downloaded the 1/21/2003 update to AVG and it found an old backup of mIRC
    >5.7 mirc32.exe to be infected with "backdoor.mard". Questioning this I
    >looked for info dealing with "backdoor.mard" and while I found no really
    >helpful info about it, I did find that it's from around the summer of 2000.
    >Something that old I don't see as all of a sudden getting an update to it
    >that would warrant AVG picking it up when it never has before. To test this
    >I used a common trojan finder called "The Cleaner" from
    >http://www.moosoft.com/thecleaner. It didn't find anything either. I also
    >tested this with an older version of AVG and it didn't find it either. Seeing
    >as the new update doesn't speak of adding detection of a "backdoor.mard" and
    >that "backdoor.mard" is nearing 3 years of age this testing leads me to
    >believe that this is a false positive caused by the 1/21/2003 AVG update.
    >Just to test even more so I ran the so-called infected file and watched
    >where I connected to. There was only one connection made.. and that was to
    >the server I was connecting to. This also leads me to believe that this is a
    >false positive caused by the 1/21/2003 AVG update. Then I went out and
    >downloaded a clean version of 5.7 from
    >http://mirc.stealth.net/download/oldver.html and the 1/21/2003 update also
    >said it was infected with "backdoor.mard".. however an older version of AVG
    >nor did The Cleaner find anything. Again this leads me to believe that this
    >is a false positive caused by the 1/21/2003 AVG update. I'm not the only one
    >to have this problem. I found this forum tonight in which someone speaks of
    >the same problem. That forum/thread can be found here
    >http://forums.techguy.org/t114558/s25203a227fef5477e8d94807a4a33ea3.html
    >
    >It would be nice if you would download 5.7 from
    >http://mirc.stealth.net/download/oldver.html and test it to see if this is a
    >true infection or a false positive caused by the 1/21/2003 update. If this
    >however is a true infection I would very much like to know and know more
    >info about "backdoor.mard" as there is a security flaw on one of my machines
    >that needs to be found.
    >
    >
    >Thank you for your time.
    >
     
  9. dvl666stn

    dvl666stn

    Joined:
    Jan 26, 2003
    Messages:
    1
    I myself found that I had the Backdoor.mard virus when I updated AVG.. The only difference I noticed was my keyboard was all screwed up example:- p-3 w-1 etc etc...

    Also on booting (loading windows XP) I noticed my keyboard lock light came on and stayed on...

    Sure this is a mistake by AVG?

    Regards

    Mike
     
  10. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    If it happened to both of you, I'll bet it's a problem with AVG.
     
  11. Bdaz1

    Bdaz1

    Joined:
    Jan 26, 2003
    Messages:
    1
    I too was alerted by AVG that it found the Trojan Horse "BackDoor.Mard". I also updated AVG on 1/23/03.

    It said it was 1 infected file: C:\_RESTORE\TEMP\A0612379.cpy
    and recommended moving it to the "Virus Vault". Upon selecting this option, AVG said it cannot delete this file and terminated the AVG program showing 1 Virus found, 0 files fixed, 1 virus still on the PC.

    I also emailed AVG Tech Support and am awaiting an answer. I did download the trial version of "The Cleaner" mentioned earlier in this thread and ran it. The Cleaner did NOT find the Backdoor Trojan.
     
  12. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    OK, it's definitely giving a false positive on certain files and backdoor.mard.

    From this thread alone they've been emailed twice, I'm sure it will be fixed. For now, ignore AVG if it reports this virus.
     
  13. Gary R

    Gary R Thread Starter

    Joined:
    Aug 9, 2001
    Messages:
    1,440
    When AVG found .mard it just said it was being fixed, then quarantined. Then I found out that the .exe file for mIRC5.7 had been deleted.
    I downloaded / set up mIRC 6.03 & so far no problems with AVG -- however, they hadn't updated their files by late Saturday nite (Pacific Coast time), so anxious to see if they do get the problem cleared up.
     
  14. thumper66

    thumper66

    Joined:
    Jan 28, 2003
    Messages:
    35
    It's now 5.05pm GMT on Tuesday 28/1/03 and as of yet there's no word of an update on the Grisoft site. I've had this problem and so have some friends ..but I suppose it's slightly better that it's a false positive than missing a real infection :rolleyes:
     
  15. djtipmothee

    djtipmothee

    Joined:
    Jan 28, 2003
    Messages:
    6
    I have exactly the same problem with the exact same symptoms.
     

Short URL to this thread: https://techguy.org/114558
