Backdoor.Iroffer.F

alan b

I run the AVG anti-virus program and it detected a virus named:
backdoor.Iroffer.f... But it won't eliminate it... perhaps it is not able to,
but how do I get it eliminated? It is pesky because I cannot open Task
Manager... or it would open it momentarily and close immediately.
 
Sharon F

backdoor.Iroffer.f

It's interesting that AVG could recognize this but not have anything in
their antivirus encyclopedia about it. It may be so recent that their
database has not been updated yet. Could only find one link on this and
it's in German:

http://de.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?VName=BKDR_IROFFER.C

You're on the right track of ending the process. Restarting in Safe Mode
may be helpful too.

Many of these viruses and worms will block the running of MSCONFIG, Task
Manager and the Registry Editor. Since the programs are blocked by name,
renaming the executables is a workaround. Example: Rename regedit.exe to
regedit.com

Or you can run the tool created by MVP Doug Knox that creates a "backup
set" of those three programs for you:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

You may also want to drop an email off to Grisoft. They may be interested
in obtaining a sample of the virus from you and should be able to provide
any other removal directions needed (such as registry editing) that are
above and beyond the cleaning their program will perform on its own.
 
Kent W. England [MVP]

This bug may be killing AVG. Many bugs have long lists of programs that
they will kill if they find them running. You can't open Task Manager
because taskmgr.exe is on this bug's list.

Use Doug's script or copy taskmgr.exe to taskmgr1.exe (assuming this bug
hasn't stopped .exe from running).

If you have the name of the file, rename or move it, after you kill its
process, and then let AVG try to find it. If the move/rename seems to
stop the bug, but AVG can't get rid of it, and you are getting a Windows
error message complaining that it can't load that file, download
DiamondCS Autostart Viewer from
http://www.diamondcs.com.au/index.php?page=asviewer

Once you have things cleaned up and Windows continues to run fine, then
delete that trojan file.
 
