  1. #1
    Beta version pc_rekka's Avatar
    Join Date
    May 2005
    Location
    behind this stack of bits left over
    Posts
    44

    trojan IRDVCX.EXE probs

    Hi all,
    Have a friend's Compaq "Evo N800v" lappie here that was running slow as. I had run HijackThis and identified the above named trojan.

    The owner on his own bat tried to remove it and well, now I have the machine here.

    Current symptoms are that the taskbar has been replaced (or covered) by a grey panel that would normally background a taskbar button, the Start button has gone, the Task Manager will not appear with CTRL+ALT+DEL, and the program icons on the desktop, when selected, result in a panel opening up which reads: "The application failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."

    I have managed to navigate via MY COMPUTER to the system32 folder and can run the command prompt. Via that I have run CHKDSK /r and since run sfc /scannow (with MY copy of XPPRO).

    Fortunately I still have the copy of the log from the first scan with HJT and have been able to do another reflecting the current status:

    CURRENT HJT log
    Logfile of HijackThis v1.99.1
    Scan saved at 8:04:45 p.m., on 9/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LEXBCES.EXE
    C:\Windows\system32\LEXPPS.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Windows\system32\wscntfy.exe
    C:\Windows\system32\msiexec.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ihug.co.nz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtramsn.co.nz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ihug Internet
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
    O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168284826824
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\Windows\System32\irdvxc.exe" /service (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    PREVIOUS HJT LOG
    Logfile of HijackThis v1.99.1
    Scan saved at 6:27:07 p.m., on 18/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LEXBCES.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Windows\system32\LEXPPS.EXE
    C:\Windows\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ihug.co.nz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtramsn.co.nz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ihug Internet
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
    O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168284826824
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\Windows\System32\irdvxc.exe" /service (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    The sfc /scannow has been run from the system32 folder and, on what appears to be completion, the window has closed; the COMMAND.COM window is still open. On trying to close the COMMAND.COM window, another info box opens that states "Windows cannot end this program. It may need more time to complete an operation". The window offers an End Now option (losing any saved data) and a Cancel option to return to Windows.

    I am currently running the SFC /SCANNOW command from the C prompt and will evaluate any result that gives. Meanwhile I thought I would post this and see if any of you can offer insight.

  2. #2
    Beta version pc_rekka's Avatar
    Join Date
    May 2005
    Location
    behind this stack of bits left over
    Posts
    44

    erm.... the logs are labeled incorrectly

    the current is the older one and the ... ( you get the picture)
    TIA
    "Let me issue and control a nation's currency and I care not who makes its laws".

    Nathan Rothschild, 1791

  3. #3
    Old Hand Pancake's Avatar
    Join Date
    Nov 2005
    Location
    Victoria Australia
    Posts
    632

    Re: trojan IRDVCX.EXE probs

    You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.



    Please download HijackThis to your desktop: http://www.trendsecure.com/portal/en...HJTInstall.exe

    Alternate link
    http://download.bleepingcomputer.com...HJTInstall.exe

    This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.


    ==========================================

    This will help to identify malware on your system.
    Please download Combofix from any of these locations:

    Here
    or
    Here

    Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
    Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

    Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


    A Member of :
    UNITE & ASAP

    Eddy

  4. #4
    Beta version pc_rekka's Avatar
    Join Date
    May 2005
    Location
    behind this stack of bits left over
    Posts
    44

    NEW HJT scan

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:32:20 a.m., on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LEXBCES.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Windows\system32\LEXPPS.EXE
    C:\Windows\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ihug.co.nz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtramsn.co.nz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ihug Internet
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168284826824
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\Windows\System32\irdvxc.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    --
    End of file - 3828 bytes

  5. #5
    Old Hand Pancake's Avatar
    Join Date
    Nov 2005
    Location
    Victoria Australia
    Posts
    632

    Re: trojan IRDVCX.EXE probs

    Don't forget to run Combofix.



  6. #6
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,024

    Re: trojan IRDVCX.EXE probs

    First you need to remove AVG - you can't run two antivirals, they can conflict. Keep the NOD32, far better software.

    The log doesn't look too bad. One obvious is

    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\Windows\System32\irdvxc.exe (file missing)

    run HJT again, tick it and remove.

    Download spybot, Spyware Doc from my sig, get Ccleaner as well, run that get Trojan Remover & Super Antispyware. Run all those and see what they drag out.

    Running SFC /SCANNOW won't do any good, the Reg /startup is trying to run a file that no longer is active.
    Last edited by wainuitech; 20-01-2008 at 10:56 AM.
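
The check applied to the log in the post above, written out as an added example (not code from the thread or from HijackThis): it parses O23 service lines, picks out entries whose binary is reported missing, and reports which of them appear in two scans. The function names are assumptions of this example; the sample lines are copied from the v1.99.1 and v2.0.2 logs posted in this thread.

```python
import re

# Layout of an O23 line as it appears in the logs in this thread:
# O23 - Service: <display name> [(<service name>)] - <owner> - <image path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<image>.+?)(?P<missing> \(file missing\))?\s*$"
)

def parse_services(log_text):
    """Return one dict per O23 line found in a HijackThis log."""
    services = []
    for raw in log_text.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue
        services.append({
            "display": m.group("display"),
            # Some entries (e.g. "Ati HotKey Poller") carry no short name in parentheses.
            "name": m.group("name") or m.group("display"),
            "owner": m.group("owner"),
            "image": m.group("image"),
            "missing": m.group("missing") is not None,
        })
    return services

def orphaned(services):
    """Services whose registration survives although the binary is gone.
    'Unknown owner' alone is not used as a signal: the ATI service shows it too."""
    return [s for s in services if s["missing"]]

def persisting(before, after):
    """Names of orphaned services that appear in both scans."""
    later = {s["name"] for s in orphaned(parse_services(after))}
    return sorted(s["name"] for s in orphaned(parse_services(before)) if s["name"] in later)

# Sample input: lines copied from the logs posted in this thread.
SCAN_V1 = r"""
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\Windows\System32\irdvxc.exe" /service (file missing)
"""
SCAN_V2 = r"""
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\Windows\System32\irdvxc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for s in orphaned(parse_services(SCAN_V2)):
        print(f"orphaned service {s['name']!r} ({s['display']}): "
              f"owner={s['owner']}, image={s['image']}")
    print("present in both scans:", persisting(SCAN_V1, SCAN_V2))
```
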

  7. #7
    Beta version pc_rekka's Avatar
    Join Date
    May 2005
    Location
    behind this stack of bits left over
    Posts
    44

    Re: trojan IRDVCX.EXE probs

    Hey All,

    been away.

    OK, update... Combofix will not run from the desktop, nor will the likes of CCleaner. Software such as MS Word and Publisher will. HJT will, but will not delete (as noted further). The usual dialogue window states: "this application will not run because it is not configured properly, re-installing application may resolve this problem". As noted, programs will not install.

    The MSdisk ref from the HJT report, incorporated with IRDvcx, will not budge after ticking the box in HJT and expecting it to be removed.

    The issue of two antivirus programs running is acknowledged.

    I now suspect the registry keys for the interaction between the start up menu/task bar, as well as the Task Manager not launching, are damaged beyond repair. With this in mind, I have resolved to reinstall XP... Just waiting on the owner to come forward with the OS CD etc. (no partition on the hard drive with a copy of the OS, which suggests the computer is second hand (or worse) and/or the hard drive has needed to be reformatted at some point).

    Thanks for all of your suggestions and guidance. Would be glad to read any further suggestions or speculations.

    Big ups to you all

  8. #8
    Senior Member pctek's Avatar
    Join Date
    Feb 2005
    Location
    In the Wild West
    Posts
    24,212

    Re: trojan IRDVCX.EXE probs

    Why not try a Repair install first?

  9. #9
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Re: trojan IRDVCX.EXE probs

    Try trojan remover in my sig. Update it then click on scan.

    Then select all options under the utilities menu.

    Then open my computer, right mouse on c, and select scan with trojan remover.

    I think the file you've got is IRDVXC.EXE.

    It looks like Rahack (rbot is another name for it) uses this file

    I would also disable system restore.

  10. #10
    Beta version pc_rekka's Avatar
    Join Date
    May 2005
    Location
    behind this stack of bits left over
    Posts
    44

    Re: trojan IRDVCX.EXE probs

    PC_tek: I am (assuming.. eek) the owner will not have the OS CD (u'ho); if she does, I will try repair. I'm just waiting for her to get back to my messages.

    Speedy: my bad typo ..... have disabled the SYSTEMRESTORE since my earlier HJT log.. Do you know if the Trojan remover you suggest will run from a USB stick?
