IRC/backdoor.flood virus 3

Status
Not open for further replies.

Accessdabbler

Technical User
Oct 15, 2002
I'm helping someone remove a virus on their computer.

Grisoft's AVG6 found the IRC/backdoor.flood virus on the computer but it wouldn't remove it. I'm not sure why.

It looks like there are 4 files infected (one called whore.exe). Is there any reason why AVG6 is not cleaning this virus from the system?
 
Some files are not repairable.
If it is DEFINITELY a virus file, it needs to be deleted.
Depending on how you have your scanner set up, it will either remove the virus or ask. Double-click the square virus scanner icon on the taskbar and check the settings.

Try running the scan in safe mode; the files should then not be locked by being in use within Windows.

If you need more help, post again and I will dig up the specifics for you.

:) Kimber

The more I learn, I realize how much more there is to know!
 
Not sure if this thread is dead. But, I guess it will not hurt to respond for future reference.

It installs MIRC on your computer. Remove it. Here is a list of files that the virus installed for me, all contained in C:\WINNT\SYSTEM32:
close.dll
del.bat
EXPL32.EXE <IRC Program>
hideapp.exe
ipservers.txt
libparse.exe
moo.dll
nhtml.dll
nicks.txt
psexec.exe
reg.xpl
remote.ini
server.txt
syn.exe
empavms.exe (guess it tries to EMP anti-virus software?)
impvms.dll
mirc.ini
msccct~1.ocx
script1.dll
secure.bat
smurf.exe
spig.txt
wincmd34.bat
aliases.ini
bnc.dll
config.hfg

I also did this:
I had to end the MSMNGR32.EXE task and delete it.
I think it's in the c:\winnt\system32\windowsupdate folder.

Went into the registry:
HKLM/software/microsoft/windows/currentversion/run
Deleted the registry entry that ran msmngr32.

I also did a search in the registry for MIRC and WUPD (separate searches), and deleted them. I think I should also have done a search for all bat and exe virus files it found in the registry and removed those.

When I wasn't able to remove it at first, I stopped it from running by going into safe mode, going to the directory of the virus, removing the exe virus file and creating a directory called whatevervirusfileis.exe in order to stop the virus from making that virus. But after I did all of the above, I didn't need to do that.
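The manual checks described in the post above, as an added example that is not part of the original thread: it matches a directory listing and saved `reg query` output for the Run key against the file names the posters reported. The function names, the sample registry text and its value names are constructed for illustration. A name match is only a lead to investigate, since names such as psexec.exe also belong to legitimate tools.

```python
import os
import re

# Names reported in the post above (said there to sit in C:\WINNT\SYSTEM32),
# plus whore.exe and MSMNGR32.EXE named elsewhere in the thread.
REPORTED = set("""close.dll del.bat expl32.exe hideapp.exe ipservers.txt
libparse.exe moo.dll nhtml.dll nicks.txt psexec.exe reg.xpl remote.ini
server.txt syn.exe empavms.exe impvms.dll mirc.ini msccct~1.ocx script1.dll
secure.bat smurf.exe spig.txt wincmd34.bat aliases.ini bnc.dll config.hfg
whore.exe msmngr32.exe""".split())

def scan_directory(path, names=REPORTED):
    """Return sorted (name, kind) pairs for entries whose name is on the list.

    kind is 'file' or 'directory'; a directory carrying an .exe name is the
    placeholder trick from the post, not a dropped binary.
    """
    hits = []
    for entry in os.scandir(path):
        if entry.name.lower() in names:
            kind = "directory" if entry.is_dir(follow_symlinks=False) else "file"
            hits.append((entry.name.lower(), kind))
    return sorted(hits)

# One value line of `reg query` output: value name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# File-like tokens (base name plus extension) inside a command line.
FILE_TOKEN = re.compile(r'[^\\/"\s]+\.\w+')

def flag_run_values(reg_query_output, names=REPORTED):
    """Return (value_name, data) for Run values that launch a listed file."""
    flagged = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and any(t in names for t in FILE_TOKEN.findall(m["data"].lower())):
            flagged.append((m["name"], m["data"]))
    return flagged

# Constructed sample of `reg query` output for the Run key (value names invented).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\WINNT\system32\windowsupdate\MSMNGR32.EXE
    Model Tool    REG_SZ    "C:\Program Files\Example\model.bat" /quiet
"""
```

Whole file names are compared rather than substrings, so model.bat in the sample is not flagged because of del.bat.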
 