I have the exact same Trojan Horse, only the file is named botsetups.exe The full filepath is: C:\WINNT\system32\botsetups.exe Any ideas for this one?

0

Hi I have updated the AVG Antivirus on my Win2000 system but everytime I run the antivirus, the IRC/BackDoor.flood virus is detected but its unable to be cleaned, please assist me, its very frustrating. I happen to be running morpheus for downloading music and I suspect this virus orginated from it.

0

I have gone through a few rounds now, but I don't seem to have had any damage done to my computer. Here is a summary of what I've learned based on my experience of dealing with this virus. note that I'm no computer por, just a guy that hates that virus message as much as everyone else: I run AVG to scan and fix viruses. twice now I've had this virus. I suspect that my computer contracted it through file sharing which I do for music (via Win MX). AVG first detects two corrupt files, then heald one but not the other. after the first time AVG deals with the virus, it will always tel you you have 1 infected file, but not remove it to the vault, nor heal it. If you run AVG while in windows explorer you can more accuratly identify the infected file. typically the file is in c:\winnt\system32 right click on this folder, and select Scan with AVG. identify, then find the infected file. Scan the specific file you hunt down so that you're aure you've got it. Then deleate that file. This can be scary if, like me, you don't have any idea what any of the files in this folder do, but I've done this twice now, and have had no system problems. I suspect that the virus installs this file in this folder. further I think that the file AVG did heal was an important file for this virus, and that it doesn't work so well as only one file. (Again, I don't really know what I'm talking about, this is just a feeling based on what I've observed. Any way, run AVG again after deleating this file to see if it's gone. This has worked for me twice. Good Luck and happy downloading. Since dealing with this, I've set up all my filesharing to use the My Recieved Files folder, and I scan it before I move any files out of it. So far so good. It's a crazy world full of crazy people.

0

OCXDLL.EXE, TASKMNGR.EXE, TASK32.EXE, MDM.EXE, these are all indications of a mIRC trojan. I wrote 2 parts of analysis on Google discussion group back in late Aug. and early Sept., which you can find the links at www.kylelai.com/mIRC_Virus_Analysis.htm. Astalavista.com has published my trojan analysis in a nice format at: http://www.astalavista.com/trojans/library/trojans/analysis/mirc_trojan_analysis.shtml You can also find an article talking about where trojans can reside inside your computer. http://webpages.charter.net/klai168//trojan_paper.htm A discussion group I am still helping out is at newbie.org under the topic "taskmngr.exe." http://www.newbie.org/help/messages/2553.html Base on the discussion at newbie.org, many people are still suffering from this trojan, and it has spread several times. People who has been infected more than once should change their administrator passwords right away to something hard to guess! Good Luck, /Kyle Kyle Lai Consulting kyle@kylelai.com www.kylelai.com

0