1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan Agent._r.ASR - mrxsmb.sys

Discussion in 'Virus & Other Malware Removal' started by CastleHeart, Nov 17, 2011.

Thread Status:
Not open for further replies.
  1. CastleHeart

    CastleHeart Thread Starter

    Joined:
    May 4, 2002
    Messages:
    743
    Hey folks,

    Yesterday I got a message that AVG found:
    C:\WINDOWS\system32\drivers\mrxsmb.sys
    infected with:
    Trojan horse Agent_r.ASR
    and then says:
    Object is white-listed (critical/system file that should not be removed)

    Well... that was a bit troubling ... Then I discovered that I could no longer print to device print /D:\\
    in the command window to a certain USB printer. Checking it out I found I could not print to either printer
    - but they work and windows programs print fine and - so I figure it is tied to the mrsxsmb.sys file.
    They have always printed via the CMD window and I did so on a daily basis.
    Now it simply says: cannot initialize device

    How can I get back a previous good version of this file? I did a sucessful system restore back a day (I usually go
    back several) and realized the infection may have been that day - so I did another but... I then made the mistake of
    forgetting to turn off AVG :( - which of course failed - but it seems that whatever
    these AV programs do to mess up restore remained and now it will not restore back to any date
    even with AVG off - so that option seems lost.

    I want the infection gone - not just "noted". I don't see references to this exact trojan
    out there in the fantabulous interweb.

    Any glimmers of hope to get my PC working again?

    - Castleheart
     
  2. CastleHeart

    CastleHeart Thread Starter

    Joined:
    May 4, 2002
    Messages:
    743
    UPDATE:

    I remembered that I have a second XP boot setup on D:
    So I copied the mrxsmb.sys and replaced the bad one.

    In the process, I did get AVG to address AND quarrantine
    the Trojan. I felt better about that. Now I have shut sys restore
    down to clear the points and restarted it.

    Bad news is - this DID NOT cure my problem with printing to Device
    from the CMD window. I will start a new post in another forum for that.

    Thanks, (y)
    CH
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1027253

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice