Trojan Horse Virus in my computer 1

Status
Not open for further replies.

kiernanf

Technical User
Oct 14, 2001
59
US
I use AVG anti-virus. It tells me that some (4) of my files have been infected with a trojan horse virus. When I scan the drive, AVG does not remove or cure these files.

I purchased a Trojan & Virus program and it says everything is fine.

What should I do?
 
Howdy:

What is the trojan AVG is finding and what and where are the infected files located??

Also, what is your operating system??

Murray
 
There are two Trojans (Trojan Horse BackDoor.Mard & Trojan Horse Hide Window).

Locations are:
C:\WINNT\System32\meminstall.exe\import\exporer.exe
C:\WINNT\System32\meminstall.exe\import\gpiresul.exe
C:\WINNT\System32\import\meminstall.exe\import\explorer.exe
C:\WINNT\System32\import\meminstall.exe\import\gpiresul.exe

My system is Windows 2000 professional.

Thanks
 
Howdy:

As per Trend..

Do a rescan after using Trend's online scanner at
Launch Registry Editor. Click Start>Run, type REGEDIT then hit the Enter key.
In the left panel of the Registry Editor, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
In the right panel, look for and then delete this registry entry:
LoadProfile “C:\Windows\SYSTEM\Rundll.exe”
Close the Registry Editor.
Restart your computer.


Then, lose your Mirc program.. that's how they are getting in..

Murray
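
A read-only way to review the autostart entries that the registry steps above target, added here as an example and not part of the thread or of Trend's instructions. It assumes a current Windows system with PowerShell 3 or later (not the Windows 2000 machine in the thread), covers the sibling Run and RunOnce keys as well as RunServices, and `Get-CommandTarget` is a hypothetical helper name.

```powershell
# Added example: list autostart registry values and flag targets missing from disk.
# Read-only: nothing is deleted or changed.
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the program path out of an autostart command line.
function Get-CommandTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }            # quoted path
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif|dll))(\s|,|$)') {
        return $Matches[1]                                               # unquoted path, may contain spaces
    }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $autostartKeys) {
    if (-not (Test-Path -Path $key)) { continue }    # a key such as RunServices may not exist
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget -Command $command
        $exists  = $false
        if (-not [string]::IsNullOrWhiteSpace($target)) {
            # Full paths are checked on disk; bare names are resolved through PATH.
            $exists = (Test-Path -LiteralPath $target -ErrorAction SilentlyContinue) -or
                      [bool](Get-Command -Name $target -ErrorAction SilentlyContinue)
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command
            Target = $target; TargetExists = $exists
        }
    }
}

# Entries whose target no longer exists sort first; review those before removing anything.
$results | Sort-Object TargetExists | Format-Table -AutoSize -Wrap
```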
 
Murray,
Thanks for the tip.
I went to Trend's and did the online scan. They found nothing.
I ran AVG again with the same result as before (4 infected files). I deleted these files with no adverse effect (so far).
I could not find Mirc or the registry file HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices on my computer.
 
The "infected files" are in a self-extracting file MEMINSTALL.EXE under the System32 and System32\Import directories. Just delete the file.

HTH, AVChap
... my $1 worth of advice, 2 cents isn't enough due to inflation
 
Hi mate

I had the same problem -

I couldn't find MEMINSTALL.exe - but I could find MEM.exe - should I delete this?

The problem I've had is that my antivirus software (AVG and antivurs.com) both deleted the trojan but when I start up Windows I now get the message in an update pop up box -

*/run:unable to open 'svchost32.exe' (line4, nvnav32g.dll)

I presume the programme hadn't been fully deleted.

Cheers
Neil

 