April 19, 2012 12:27 Trojan Horse Hider MPR #198333
Reply with Quote | Quick Reply | Top
dawndarkness

Avatar

Novice
Join Date: 19.4.2012
Posts: 3
AVG recently detected 'trojan horse hider mpr' on my laptop. Everytime I try to move it to the virus vault it says that the file is inaccessible and cannot be removed. Since then AVG has not been scanning properly. It will complete in around 1 or 2 seconds and have scanned 0 files. Everytime I try to connect to a website that has avg in it's name access is denied. I have also been unable to run the avg update for presumably the same reason.

I have Windows XP.

Any help would be much appreciated.
April 19, 2012 12:56 Re: Trojan Horse Hider MPR #198335
Reply with Quote | Quick Reply | Top
dawndarkness

Avatar

Novice
Join Date: 19.4.2012
Posts: 3
Sorry I thought this had been included in my previous post.
April 19, 2012 17:02 Re: Trojan Horse Hider MPR #198385
Reply with Quote | Quick Reply | Top
Dusan Obert

Avatar

Administrator
Join Date: 12.8.2009
Posts: 1595
Hello dawndarkness,

As a first step, scan your computer with updated AVG Rescue CD.

Afterwards, if the AVG scan is still not working properly, follow all steps in full reinstallation instructions.

After reinstallation, update your AVG and provide us with scan results export and fresh both GMER outputs.

Thank you


AVG Team
How-To articles | FAQ | Free Support
April 28, 2012 11:54 Re: Trojan Horse Hider MPR #199499
Reply with Quote | Quick Reply | Top
BrianOBrien

Avatar

Novice
Join Date: 28.4.2012
Posts: 3
Re Trojan downloader hider..

I am having a similar problem - same trojan - same response from AVg threat detection.

Following this thread I have run the rescue disk, uninstalled & reinstalled. Now I have no anti-virus protection and can not update. Also a number of avg sites are unacessible in IE9.

Iam using XP pro on a laptop.

Any help will be appreciated.

Gmer and MSinfo files attached
April 28, 2012 16:34 Re: Trojan Horse Hider.MPR #199535
Reply with Quote | Quick Reply | Top
BrianOBrien

Avatar

Novice
Join Date: 28.4.2012
Posts: 3
Sorry I mean Trojan Horse Hider.MPR..

Also just found out I can not boot XP in any safe mode - only in normal mode.

I fear the worst but hope soemone can offer advice
April 30, 2012 06:21 Re: Trojan Horse Hider MPR #199767
Reply with Quote | Quick Reply | Top
nemethste

Avatar

Administrator
Join Date: 1.11.2011
Posts: 1730
Hello BrianOBrien,

Were you able to install AVG again but Anti-Virus component is not running?

According to the scan result analysis it seems that your computer is infected by MBR rootkit.

In order to get rid of this kind of infection please restore master boot record in offline mode.

Right after the MBR is restored, please scan your computer with updated AVG Rescue CD to kill all remains of infection.

Thank you.



AVG Team
How-To articles | FAQ | Free Support
May 4, 2012 20:13 Re: Trojan Horse Hider MPR #200549
Reply with Quote | Quick Reply | Top
BrianOBrien

Avatar

Novice
Join Date: 28.4.2012
Posts: 3
Hello Nemethste..

Many thanks for taking the trouble to review my reports.

AVG never reported any rootkit infection!

Anyway I decided on a clean reinstall of XP as I thought the system could do with a general 'spring clean'. It took it little longer then expected to get my emails working again.

AVG is now scanning and updating as expected. Should I still be worried about possible rootkit infection - AVG does not report any infection
May 5, 2012 20:25 Re: Trojan Horse Hider MPR #200667
Reply with Quote | Quick Reply | Top
Gary Bee

Avatar

Novice
Join Date: 29.7.2010
Posts: 296
BrianOBrien wrote
AVG never reported any rootkit infection!...Should I still be worried about possible rootkit infection - AVG does not report any infection

This is a known issue, the long story is in the Thread, Unable To Block, Nor Detect MBR Virus. To answer your question, I'll use the famous quote: "...be afraid, be very afraid" if you run on a system as wide-open as Windows. But, be nice, it does keep companies like AVG in business.

BrianOBrien wrote
Anyway I decided on a clean reinstall of XP...

Sorry you had to go through that, considering that a relatively easy remedy was available. I'm trying to catch the new threads to give them the warning. If you agree that this should be a HOT Thread, please respond here, and in the Thread, What Makes "Hot", and can users request it. Thanks.