I have the backdoor Trojan called msrexe.exe .. Any ideas on how to get rid of it would be greatly appreciated
Hi Jeff, First of all, how do you know you have an infection? I'm guessing your anti-virus told you, so what do you use and did it give the actual Trojan name (not the name of the infected file)? There are a few Anti-Trojan products available and you could use a free evaluation of one which will help you clean your system. TDS-3 or Trojan Hunter would be good for scanning your system and finding all the pieces of the infection. Take a look at this page for links and more information: http://www.wilders.org/anti_trojans.htm If you install and scan with one of these, you could come back and tell us what it found and we could advise you further from there.
That is a default SubSeven trojan name, so just install TDS and it will definitely be able to find it http://tds.diamondcs.com.au Update the databases too in case you have something else
hi jeff if u think that ur having a bockdoor trojan virus then the first thing u shud check for is the registry entries and the ini files which are run after booting of the system. the trojans most often make themselves auto load at startup. the things u must check are : - 1-) Autostart Folder Methode :- The Autostart folder is located in C:\Windows\Start Menu\Programs\start and any file put there will start automatically when windows start 2-) Win.ini Methode : open the win.ini file and if you found [windows] load= trojan run= trojan NullPort=None BaseCodePage=1256 so your PC is batched and you have trojan , so delete anything after the "=" sign 3-) System.ini Methode : Same as win.ini file .. open up system.ini if you find shell=Explorer.exe trojan.exe , the trojan will start after explorer start and as your desktop is an explorer , so it will start every time windows start 4-) The registry methode : Registry is often used in various auto-starting methods. Here are some known ways: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Info"="c:\directory\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Info"="c:\directory\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "Info"="c:\directory\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] "Info="c:\directory\Trojan.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Info"="c:\directory\Trojan.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Info"="c:\directory\Trojan.exe" - Registry Shell Open [HKEY_CLASSES_ROOT\exefile\shell\open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command] A key with the value "%1 %*" should be placed there and if there is some executable file placed there, it will be executed each time you open a binary file. It's used like this: trojan.exe "%1 %*"; this would restart the trojan.
