Posted by markp on March 17, 2006, 12:56 pm
Hi All,
I'm making this post for others who may have the same problem.
Recently I gained a trojan on my XP Home machine. I have several anti-virus
scanners, but AVG was the only one of my set that recognised it as a problem
(it could heal, but not remove the problem). The symptom is that a file is
created in the Windows\System32 directory named Idxxxx.tmp where xxxx is a
random character string which AVG recognised as a trojan. Furthermore, this
file gets opened and associated with winlogon.exe and so cannot be deleted.
A bit of Googling revealed that this is a downloader trojan (McAfee
describes it as type Downloader.AQW) and that a registry entry is made:
http://vil.mcafeesecurity.com/vil/content/v_137110.htm
Sure enough, there was indeed an entry in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
"wininet.dll"="dfrgsrv.exe"
This had to be deleted in safe mode, otherwise it just got put right back.
Since then the problem has not returned.
Mark.
(for the benefit of search engines: Id????.tmp <random string>.tmp virus)
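Added example, not part of the original post: a read-only PowerShell check for the two indicators Mark describes, the policies\explorer\run registry entry and the Id????.tmp file in System32. The function names, the extra HKCU check and the assumption that "xxxx" is exactly four characters are choices made for this example.

```powershell
# Added example: reports indicators only, deletes and modifies nothing.

# Key named in the post (HKLM); the HKCU twin is an assumption added here.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run'
)

function Get-PolicyRunEntry {
    param([string[]]$Path)
    foreach ($p in $Path) {
        # The key is normally absent, so a missing key is not an error.
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            [pscustomobject]@{
                Key      = $p
                Name     = $name
                Data     = $data
                # Pattern from the post: value named like a DLL that launches an EXE
                # ("wininet.dll"="dfrgsrv.exe").
                Mismatch = ($name -match '\.dll$') -and ($data -match '\.exe')
            }
        }
    }
}

function Get-SuspectTmpFile {
    param([string]$Directory = (Join-Path $env:SystemRoot 'System32'))
    # Id????.tmp as written in the post; four characters is an assumption.
    Get-ChildItem -LiteralPath $Directory -Filter 'Id*.tmp' -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^Id.{4}\.tmp$' } |
        Select-Object FullName, Length, CreationTime, LastWriteTime
}

$entries = @(Get-PolicyRunEntry -Path $runKeys)
$files   = @(Get-SuspectTmpFile)

if ($entries.Count -eq 0 -and $files.Count -eq 0) {
    'No policies\explorer\run values and no Id????.tmp files found.'
} else {
    $entries | Format-Table -AutoSize
    $files   | Format-Table -AutoSize
}
```

Any value listed under this key is worth reviewing, since the key does not exist on most machines; the Mismatch column only highlights the specific naming pattern from the post.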