Trojan Messiness.

Hi, I wonder if you guys can help me.

I recently installed AVG (free version) and upon running it found that I had a virus called BackDoor_Mird stuck in my Taskmanager's exe.

AVG cannot remove the virus and asked if I wanted to send it to the Virus Vault... I did and AVG died on me (became 'not responding' in the task manager). I have searched the net for a reference to this virus and have drawn a blank, also I am starting to get strange effects, such as Adobe Acrobat closing down when it is opened and not being able to see the files in the program files directory.

Anybody got any advice for me on this?

I am using Windows 2000 Professional and AVG is my only virus protection. I am connected to the internet via NTL Broadband (600K connection).

 

<img src=http://forums.techguy.org/attachment.php?s=&postid=720345>
TO T.S.G.

mard is not a virus,its a trojan.....
if your happy editing the registry these are the removal instructions.
launch Registry Editor. Click Start>Run, type REGEDIT then hit the Enter key.
in the left panel of the Registry Editor, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows
>CurrentVersion>RunServices
in the right panel, look for and then delete this registry entry:
LoadProfile “C:\Windows\SYSTEM\Rundll.exe”
Close the Registry Editor.
restart your computer.
scan your computer with FULLY UPDATED trojan/anti-virus software.





if you want to do it automated....
.......you will need a trojan specific program to completely remove this pest.

you can scan online here:http://www.anti-trojan.net/en/onlinecheck.aspx[/url then post back here with the results

 

Thanks for the tip... I shall try it out shortly and get back to you with the results.

One thing... I'm absolutely sure AVG registered the trojan as Mird and not Mard... I could be wrong and will check when I get to my own machine.

Thanks for your time, mate.

 

your welcome...........it is actually Backdoor_Mard i promise you

someone will help you further if needed.
catch you later.

 

You were right it was Mard, but when I looked in the regedit, Rundll.exe was not there. Any where else it could be hiding?

(AVG insists that it is the task manager program that is infected...)

Once again I am

 

Well, Let's see where it's hiding. Go here and download, unzip and run StartupList. It will create a log file, copy the log and paste it in a reply.

http://www.lurkhere.com/~nicefiles/index.html