bkdr_IROFFER.B

This virus keeps popping up in trendmicro's online scan, and I purchased their software, hoping it would get rid of it, but it hasn't. I don't know why it won't, it shows how to get rid of it and I can't even do step 1 from the command prompt because the process is not running. If it's not running, however, then why is it always being detected in svchost.exe? It can't be quarantined, and there is no second option for removal. Norton 2004 doesn't even detect it. Sophos failed to remove it.

This is extremely avraggating, I read that the trojan acts as an IRC server for hosting files, and for all I know people could be using my computer to distribute child pornography or who knows what.

Does ANYONE, have any experience with this particular brand of virus? I've tried several antivirus programs, all came up short. I've reformatted once, and it just came back. I'm thinking something I use on a regular basis, such as a website or software, is installing this thing. I definately don't want to reformat again. I'd like to find out A) how to remove it. and B) find out what's installing it, because I am going to have a major gripe with them.

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited April 2004
    Post a hijackthis log and we'll be able to help you better :)

    Welcome to short-media
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited April 2004
    See if this helps. Also, give Spybot a try. It's been known to help remove some IRC bots.
  • edited April 2004
    Mr. Kwitko wrote:
    See if this helps. Also, give Spybot a try. It's been known to help remove some IRC bots.
    Nope, those didn't help, I just got my hijackthis log and was about to post it, but decided to do a quick reboot, and rescan....and finally trendmicro got rid of it. Strange, because I updated yesterday, and rebooted, and scanned, and it didn't quarantine it, but today it did :banghead: Once it was quarantined, I deleted that bastard and it's gone for now :D Thanks for your help anyway!
This discussion has been closed.