
Dedler.G

Delves
Grafter
Posts: 188
Registered: 26-08-2007

Dedler.G

My AVG has just picked this up but it can't seem to remove it. I've checked around and there's not much info available on it. AVG have no data in their virus lists.

It's also picked up BackDoor.Rirc.C. Again, lots of references to Backdoor but not to this one. Just found a little info on this one: http://www.pestpatrol.com/PestInfo/b/backdoor_rirc_c.asp

Any suggestions?
5 REPLIES
N/A

Dedler.G

Dedler : The virus is in a file called smvss.exe. Find this and delete it. You may have to do this in safe mode.

You will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me but required in 2000/XP and NT.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ActiveXUpdate
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftOEM
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SoundControl
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OfficeGuardUI

and remove any reference to smvss.exe

Although the free virus scanners are OK, they are still not as up to date as the commercial systems.

As for the backdoor, use the removal instructions you have already found.

Once removed, you could try the Trend online virus scanner to see what else your AVG may have missed. I always run an occasional check with a free online scanner, as well as my McAfee, just in case one misses something.
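
The Run-key check described in the reply above, as an added PowerShell example that is not part of the original post: it lists values under the HKLM Run key whose data references smvss.exe or whose name is one of the four listed, and deletes only the former when -Remove is given. The helper name Get-RunKeyFinding and the backup path are assumptions, and the export covers only the Run key rather than the whole registry as the reply suggests.

```powershell
# Added example: audit the HKLM Run key for the entries named in the reply.
# Read-only unless -Remove is passed (needs an elevated prompt).
param(
    [string]$Needle     = 'smvss.exe',                      # file name from the reply
    [string]$BackupPath = "$env:TEMP\run-key-backup.reg",   # assumed backup location
    [switch]$Remove
)

$runKey     = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$knownNames = 'ActiveXUpdate', 'MicrosoftOEM', 'SoundControl', 'OfficeGuardUI'

# Hypothetical helper: returns one object per Run value worth reviewing.
function Get-RunKeyFinding {
    param([string]$Path, [string]$Needle, [string[]]$KnownNames)
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        # Read the stored string without expanding %SystemRoot%-style variables.
        $data     = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $hitsFile = $data.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
        $hitsName = $KnownNames -contains $name
        if ($hitsFile -or $hitsName) {
            [pscustomobject]@{
                Name = $name; Data = $data
                ReferencesFile = $hitsFile; NameFromReply = $hitsName
            }
        }
    }
}

$findings = @(Get-RunKeyFinding -Path $runKey -Needle $Needle -KnownNames $knownNames)
$findings | Format-Table -AutoSize -Wrap

if ($Remove -and $findings.Count -gt 0) {
    # Export the key first, mirroring the reply's "make a backup" step.
    & reg.exe export 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; nothing was removed.' }
    # Delete only values whose data references the file; name-only matches and
    # the unnamed default value are left for manual review.
    foreach ($f in $findings | Where-Object { $_.ReferencesFile -and $_.Name }) {
        Remove-ItemProperty -LiteralPath $runKey -Name $f.Name -ErrorAction Stop
        Write-Output "Removed Run value '$($f.Name)' (backup: $BackupPath)"
    }
}
```

Run it without -Remove first and compare the Data column against software you actually installed before deleting anything.
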
Delves
Grafter
Posts: 188
Registered: 26-08-2007

Dedler.G

Lots say the AVG ain't that good but it's the only one to detect it up to now. Ran a Sophos check last night and it didn't find it.

I also found a file called SETUP.EXE in a shared folder that was causing some problems.

DJ
Delves
Grafter
Posts: 188
Registered: 26-08-2007

Dedler.G

OK, I've not got anything in the registry or in any shared folders, but AVG is finding things in what I think is my restore points:

.....\System Volume Information\_restore{OBE187B1-7A51-4B5D-.......}\RP580\A0100531.EXE

How do I clear it out of here?

DJ
N/A

Dedler.G

You cannot really clean it out of system restore.
You will have to turn off system restore, in control panel -> system -> system restore. Restart the PC.
Configure folder view options to show hidden files, then delete the folder 'system volume information'. Restart the PC.
Turn back on system restore if you want it.