Backdoor.Iroffer.F

  • Thread starter: alan b

alan b

I run the AVG anti-virus program and it detected a virus named:
backdoor.Iroffer.f... But it won't eliminate it.. perhaps it is not able to,
but how do I get it eliminated? It is pesky because I cannot open Task
Manager.. or it would open it momentarily and close immediately.
 
backdoor.Iroffer.f

It's interesting that AVG could recognize this but not have anything in
their antivirus encyclopedia about it. It may be so recent that their
database has not been updated yet. Could only find one link on this and
it's in German:

http://de.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?VName=BKDR_IROFFER.C

You're on the right track of ending the process. Restarting in Safe Mode
may be helpful too.

Many of these viruses and worms will block the running of MSCONFIG, Task
Manager and the Registry Editor. Since the programs are blocked by name,
renaming the executables is a workaround. Example: Rename regedit.exe to
regedit.com

Or you can run the tool created by MVP Doug Knox that creates a "backup
set" of those three programs for you:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

You may also want to drop an email off to Grisoft. They may be interested
in obtaining a sample of the virus from you and should be able to provide
any other removal directions needed (such as registry editing) that are
above and beyond the cleaning their program will perform on its own.
 
This bug may be killing AVG. Many bugs have long lists of programs that
they will kill if they find them running. You can't open Task Manager
because taskmgr.exe is on this bug's list.

Use Doug's script or copy taskmgr.exe to taskmgr1.exe (assuming this bug
hasn't stopped .exe from running).

If you have the name of the file, rename or move it, after you kill its
process, and then let AVG try to find it. If the move/rename seems to
stop the bug, but AVG can't get rid of it, and you are getting a Windows
error message complaining that it can't load that file, download
DiamondCS Autostart Viewer from
http://www.diamondcs.com.au/index.php?page=asviewer

Once you have things cleaned up and Windows continues to run fine, then
delete that trojan file.
 