Emergency Help Needed!
Viruses got you down? Spyware making your system sluggish? Post here for support on all your security needs.

Moderators: Management, Forum Experts

Postby RIP! on Fri Jan 10, 2003 11:37 am

Hi all ... as you may or may not have read in another thread I have located a virus on my system. Well the prob. is the object that has the BackDoor.Optix Trojan is in my Windows\System32\regsrv.exe file and it tells me that it can't heal it, that the file must be removed.

Now from the name of the file I gather that it has something to do with my registry only I am not sure what and can't locate any info. I am using AVG (latest ver. / dat files) and I am not sure if I should remove the file or ignore it and try some other AV pgm. or just what I should do here.

If anyone can help me out here I would greatly appreciate it.

Thanks,
~One Liner!~
RIP!
PRO Level 15
Posts: 1009
Joined: Fri Jul 26, 2002 12:35 pm
Location: Va

Postby Yappinator on Fri Jan 10, 2003 11:46 am

Hey Rip

I recommend going to

http://www.trendmicro.com

And doing a scan without registering. Maybe Trend has a fix.

Also here

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.b.html


good luck

yaps
To err is human, to really foul things up requires a computer.
Failure is not an option. It comes bundled with the software
Quoting one is plagiarism; Quoting many is research
Frogs have it easy; they can eat what bugs them..

Yappinator
Banned
Posts: 849
Joined: Thu Jul 04, 2002 10:12 pm
Location: On. Canada

Postby Mac33 on Fri Jan 10, 2003 12:04 pm

Nice one Karen...RIP let us know how you get on, and if you have further problems we are here to help you.
all the best :huzzah:
Mac33
PROfessional Member
Posts: 18117
Joined: Tue Mar 12, 2002 11:55 am
Location: Scotland

Postby XP Maniac on Fri Jan 10, 2003 12:06 pm

Just DELETE the file, I don't think that file should actually exist, but there are a few named similar to it.

Deleting the file is my advice.
Last edited by XP Maniac on Fri Jan 10, 2003 12:09 pm, edited 1 time in total.
Dave Partridge

The Security Installer
XP Maniac
PROfessional Member
Posts: 115
Joined: Sat Jul 13, 2002 6:36 pm
Location: The West Midlands, UK.

Postby purplehawk on Fri Jan 10, 2003 12:09 pm

Delete it.
purplehawk

Postby s. sengupta on Fri Jan 10, 2003 1:05 pm

Simple removal or deletion will not solve the case. As we all know, trojans execute lots of things and run in the background. So you have to delete the values from the registry too. Otherwise it will again create problems.

What you will do:-
1] Run a full system scan, and delete all files that are detected as Backdoor.Optix.
2] Remove the value from the registry:-
1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the value

winhelperapp %system%\msdodi.exe

5. Exit the Registry Editor.

End The Trojan Process:-

1. Press Ctrl+Alt+Delete one time.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to sort the processes alphabetically.
5. Scroll through the list, and look for Msdodi.exe
6. If you find the file, click it, and then click End Process.
7. Exit the Task Manager.
Further :- http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.b.html
Last edited by s. sengupta on Fri Jan 10, 2003 1:22 pm, edited 1 time in total.
s. sengupta
PRO Level 15
Posts: 1282
Joined: Wed Jun 26, 2002 6:52 am
Location: India
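The registry and process checks in the post above, written as an added PowerShell example for a defender to run on a suspect machine (this is not code from the thread, from Symantec or from any AV vendor; it uses the indicators the post names: the Run value "winhelperapp" and the binary msdodi.exe). The HKCU Run key, the -Remove switch and the function names are my own additions; by default the script only reports and changes nothing.

```powershell
# Added example, not from the original thread: audit the Run keys and running
# processes for the Backdoor.Optix indicators named in the post above, report
# what is found, and only end/delete when -Remove is given.
# Run from an elevated PowerShell prompt; HKLM edits need administrator rights.
param(
    [switch]$Remove
)

# HKLM path is the one from the post; HKCU is added here as a defensive extra (assumption).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$SuspectValueNames = @('winhelperapp')   # value name from the post
$SuspectBinaries   = @('msdodi.exe')     # binary named in the post

# Properties Get-ItemProperty adds about the key itself, not registry values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Find-SuspectRunValues {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            $nameHit = $SuspectValueNames -contains $p.Name
            # Match on the data too, in case the value was registered under another name.
            $dataHit = [bool]($SuspectBinaries | Where-Object { "$($p.Value)" -match [regex]::Escape($_) })
            if ($nameHit -or $dataHit) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Data = $p.Value }
            }
        }
    }
}

function Find-SuspectProcesses {
    foreach ($bin in $SuspectBinaries) {
        $base = [IO.Path]::GetFileNameWithoutExtension($bin)
        Get-Process -Name $base -ErrorAction SilentlyContinue |
            Select-Object Id, ProcessName, Path
    }
}

$values = @(Find-SuspectRunValues)
$procs  = @(Find-SuspectProcesses)

if ($values.Count -eq 0 -and $procs.Count -eq 0) {
    Write-Host 'No Optix indicators found in the Run keys or running processes.'
    return
}

Write-Host 'Suspect Run values:'
$values | Format-Table -AutoSize
Write-Host 'Suspect processes:'
$procs | Format-Table -AutoSize

if ($Remove) {
    # End the process first so it cannot rewrite the Run value after it is deleted.
    foreach ($pr in $procs)  { Stop-Process -Id $pr.Id -Force }
    foreach ($v in $values)  { Remove-ItemProperty -Path $v.Key -Name $v.Name }
    Write-Host 'Indicators removed. Reboot and rescan with a current AV engine.'
} else {
    Write-Host 'Re-run with -Remove to end the process and delete the Run value.'
}
```

The order matters: the post ends the process after editing the registry, but a running backdoor can restore its own Run value, so the script stops the process before removing the value and then asks for a reboot and a fresh scan to confirm nothing re-registered itself.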

Postby Yappinator on Fri Jan 10, 2003 1:11 pm

After Backdoor.Optix.04.b is installed, it waits for commands from the remote client. The commands allow the hacker to perform the following actions:

Deliver system and network information, including login names and cached network passwords, to the hacker.
Manage the installation of the Trojan.
Download and execute files.


Scary! This is from the http://securityresponse.symantec.com/av ... .04.b.html

Link

Postby *Starz* on Fri Jan 10, 2003 1:14 pm

Thanks ssg & Yaps...

Keeping that information on file... :yesnod:
~ You Are Never Given A Wish Without Being Given The Power To Make It Come True ~
*Starz*
PRO PLATINUM
Posts: 6527
Joined: Fri Aug 16, 2002 8:05 pm
Location: Great Smoky Mountains

Postby RIP! on Fri Jan 10, 2003 1:37 pm

Hey all ... Thanks for all the input.

After about 4 diff. scan pgms. scanning my system there was a total of 2 files found by 3 of them and none of the 3 was my default AV pgm. :( so I guess you know I will be changing that.

Ok, I was able to delete the winamp file that was in my windows\system32 folder but I wasn't able to del. the regsrv.exe file that is there. SS I have chk'ed the Reg. and the key isn't there nor is the msdodi.exe in the running processes. So I am going to try a safe boot and see if I can delete the regsrv.exe and then do a couple more scans and I will let you all know how it goes.

Thanks once again.

Postby RIP! on Fri Jan 10, 2003 2:28 pm

Well I think I might be in trouble here.... :cry:

I am on my second system right now, I did what I said I was going to try on my main system (safe boot and del that regsrv.exe file). After I did that things stopped working for me and AVG kept telling me that there was a trojan infection on my system and to run a full scan, yet I can't load AVG and I don't see the icon in the systray.

I checked the running processes once again for the msdodi.exe file and it's not there, and I can't open regedit now to see if it managed to put some other run file there.

I am at a total loss as to what to do besides a clean install and I can't afford to lose stuff that is on my system, not to mention the down time. This is my life's blood here..... :cry:
