Trojan Agent._r.ASR - mrxsmb.sys

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

CastleHeart

Thread Starter
Joined
May 4, 2002
Messages
743
Hey folks,

Yesterday I got a message that AVG found:
C:\WINDOWS\system32\drivers\mrxsmb.sys
infected with:
Trojan horse Agent_r.ASR
and then says:
Object is white-listed (critical/system file that should not be removed)

Well... that was a bit troubling ... Then I discovered that I could no longer print to device print /D:\\
in the command window to a certain USB printer. Checking it out I found I could not print to either printer
- but they work and windows programs print fine and - so I figure it is tied to the mrsxsmb.sys file.
They have always printed via the CMD window and I did so on a daily basis.
Now it simply says: cannot initialize device

How can I get back a previous good version of this file? I did a sucessful system restore back a day (I usually go
back several) and realized the infection may have been that day - so I did another but... I then made the mistake of
forgetting to turn off AVG :( - which of course failed - but it seems that whatever
these AV programs do to mess up restore remained and now it will not restore back to any date
even with AVG off - so that option seems lost.

I want the infection gone - not just "noted". I don't see references to this exact trojan
out there in the fantabulous interweb.

Any glimmers of hope to get my PC working again?

- Castleheart
 

CastleHeart

Thread Starter
Joined
May 4, 2002
Messages
743
UPDATE:

I remembered that I have a second XP boot setup on D:
So I copied the mrxsmb.sys and replaced the bad one.

In the process, I did get AVG to address AND quarrantine
the Trojan. I felt better about that. Now I have shut sys restore
down to clear the points and restarted it.

Bad news is - this DID NOT cure my problem with printing to Device
from the CMD window. I will start a new post in another forum for that.

Thanks, (y)
CH
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top