paulbeyer
|
| posted on 8/1/07 at 05:46 PM |
|
|
adir.dll worm
everytime I fire up my pc I get a warning from AVG saying it has detected a worm called adir.dll in my system32 directory. If I go for the heal
option, delete option in AVG or physically go into the directory and manually delete the file it always reappears when I reboot the pc. What do I need
to do to delete it permanently and stop it reappearing?
7 out of 10 people suffer with hemorrhoids. Does that mean the other 3 enjoy them?
|
|
|
|
|
martin1973
|
| posted on 8/1/07 at 05:53 PM |
|
|
try deleting you temp internet file?
sometimes works
or go to gris soft web site. see if they can help
martin
|
|
|
BenB
|
| posted on 8/1/07 at 05:55 PM |
|
|
linky
might help....
or doing the virus scanning etc in safe mode...
[Edited on 8/1/07 by BenB]
|
|
|
flak monkey
|
| posted on 8/1/07 at 05:57 PM |
|
|
TURN OFF SYSTEM RESTORE!
Sorry to shout, but its the biggest difficulty with removing viruses there is. Likewise scan and fix in safe mode too and delete all of the temporary
files on your computer.
David
Sera
http://www.motosera.com
|
|
|
paulbeyer
|
| posted on 8/1/07 at 08:23 PM |
|
|
Thanks for all of the advice guys. I have deleted all of my temp internet files, turned off system restore and done a full virus check in safe mode
(no viruses found) and still the adir.dll file appears each time I reboot. Not too sure what to try next. 
7 out of 10 people suffer with hemorrhoids. Does that mean the other 3 enjoy them?
|
|
|
martyn_16v
|
| posted on 8/1/07 at 09:59 PM |
|
|
Run msconfig (go to the start menu, Run... and type 'msconfig' ) and check what's being started when the PC is booted. Most things
are fairly obvious what they are, but if you don't recognise something google it's name to find out.
[Edited on 8/1/07 by martyn_16v]
|
|
|
martyn_16v
|
| posted on 8/1/07 at 10:03 PM |
|
|
According to Sophos (linky) You probably have the Lager-M trojan. Look out for
'taskdir.exe' in MSConfig, that's what's doing the nasty ever time you reboot
|
|
|
flak monkey
|
| posted on 8/1/07 at 10:12 PM |
|
|
If you have a file running when your computer boots you need to remove the registry entry that is causing it to run, and the file as well. You can
manually find the file, and the easiest way to remove the registry entry is using hijackthis (free download)
Sera
http://www.motosera.com
|
|
|
paulbeyer
|
| posted on 8/1/07 at 11:18 PM |
|
|
Sorted 
Martyn you were spot on with taskdir.exe. I ran msconfig and found it. Also found another little nasty and got rid of that as well. I also downloaded
and ran hijackthis and that found references to the same files which I got rid of. I can see it would be easy to do some serious damage with
hijackthis if you were not careful. 
Thanks everyone for your help.
7 out of 10 people suffer with hemorrhoids. Does that mean the other 3 enjoy them?
|
|
|
