adirka.exe - trojan!

avast! cannot disinfect adirka.exe. I don't know what to do; moreover, this trojan writes this link, which includes the virus, to my contacts in ICQ - http://nuclearworldaction.com/target.html
Download it and try to find a way to disinfect. I think the virus infects known and allowed *.dll files.
PLEASE, UPDATE THE VIRUS DATABASE

Trojans generally can't be repaired or disinfected, as the complete content is malicious.

Did avast detect it? I assume not.
Send the sample to virus@avast.com zipped and password protected with password in email body and undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a new, undetected virus, and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Avast! detects only adirka.exe, tries to treat the file C:\windows\system32\adirka.exe, even after deleting my ICQ client sends URL includes virus to download.
I think the DLLs of my ICQ client are infected.
You can download the virus by clicking the following URL:
http://nuclearworldaction.com/target.html

My !AVS is up-to-date (current version is 000726-1)
PS: sorry for my English

Hi :

 "Trojans" are best detected AND quarantined by programs that
  SPECIALIZE in this, such as the "trial" version of AVG Antispyware
  from www.ewido.net and/or the FREE version of SUPERantispyware
  from www.superantispyware.com ; do you have programs like this
  on your computer ? You should NOT expect one company to protect
  you from all the different kinds of bad "stuff" coming through the
  phone lines . Do you have a software firewall ?

If avast can detect adirka.exe but can’t remove it that could be because it is 1) in use, 2) in one of the system folders, both of which are protected by windows.

If you have XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php

If it continually returns then there are other elements to the overall problem, and using the programs suggested by Spiritsongs should hopefully detect what is restoring it.

A google search for adirka.exe returns many hits, this is just one of them, http://fileinfo.prevx.com/adware/qqf54281124249-ADIR36364162/ADIRKA.EXE.html

Hi rem57,

The following program may remove adirka.exe: http://fileinfo.prevx.com/adware/qqf54281124249-ADIR36364162/ADIRKA.EXE.html

polonus

I guess you didn’t see that link in my post ;D new glasses for polonus ;D

Hi DavidR,

My apologies, anyways the man could not have missed it in two separate postings. Now I see it, my eyes bulge out. Well on the other hand it means synchronization of malware fighters that advise the same remedy.

polonus (58 years old and still without glasses, but paying attention now)

Kaspersky Anti-Hacker is my firewall
Thanks for the links, now I'm downloading the recommended software…

PREVX1 can not treat this virus(((
I don't know what to… the virus still sends the URL to my contacts without my consent…

Hi rem57,

Consider this cleansing routine here:
http://www.castlecops.com/t181794-Symantec_Virus_Need_help.html
Do not perform it, just post a hjt log here. If it is too large, divide it over two postings.
HJT can be downloaded here: https://ssl.perfora.net/tools.radiosplace.com/HijackThis.exe

polonus

What can’t it do? Errors, warnings, etc., anything to help us understand why it can’t treat it?

The prevx link was, as I said, just one of the hits that a google search for adirka.exe returned. Have you tried that search and investigated other hits?
http://www.google.com/search?q=adirka.exe, this is another hit, http://www.sophos.com/security/analyses/trojtibsqt.html.

This section contains the description and advanced technical information

Troj/Tibs-QT is an email relaying Trojan for the Windows platform.

The Trojan can be used to send spam. The content of the messages it sends is downloaded from a preconfigured website.

When run the Trojan copies itself to \adirka.exe and creates the
following files:

\adirka.dll <Detected as Troj/HideDl-B>

The following registry entry is created to run adirka.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
adirka
\adirka.exe
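
Added example, not part of the thread or of the Sophos write-up: a small check for the startup entry described above, run over saved output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"`. It matches on the value name and file names only, because the folder part of the paths is missing from the quoted description; the sample output and all function names are constructed for illustration.

```python
import re

# Indicators taken from the Troj/Tibs-QT description quoted in the thread.
RUN_VALUE_NAME = "adirka"
FILE_NAMES = ("adirka.exe", "adirka.dll")

# One value line of `reg query` output: <name> <REG_type> <data>
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

# A listed file name as the last path component somewhere in the command line.
_names = "|".join(re.escape(f) for f in FILE_NAMES)
FILE_HIT = re.compile(r'(?:^|[\\/"\s])(?:' + _names + r')(?=$|[",\s])', re.IGNORECASE)

def parse_run_values(reg_query_output):
    """Return [(name, type, data)] for every value line in `reg query` text."""
    values = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values.append((m["name"], m["type"], m["data"].strip()))
    return values

def find_adirka_entries(reg_query_output):
    """Return Run entries matching the value name or file names from the thread."""
    hits = []
    for name, _type, data in parse_run_values(reg_query_output):
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if FILE_HIT.search(data):
            reasons.append("file name in command")
        if reasons:
            hits.append({"name": name, "data": data, "reasons": reasons})
    return hits

# Constructed sample output, not captured from a real machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ICQ Lite    REG_SZ    "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    adirka    REG_SZ    C:\windows\system32\adirka.exe
    updater    REG_SZ    rundll32.exe "C:\WINDOWS\system32\ADIRKA.DLL",Start
    notadirka.exe    REG_SZ    C:\Tools\notadirka.exe
"""

if __name__ == "__main__":
    for hit in find_adirka_entries(SAMPLE):
        print(hit["name"], "->", hit["data"], "(" + ", ".join(hit["reasons"]) + ")")
```

A hit on the file name under a different value name (the constructed "updater" line) is worth the same attention as the literal "adirka" value, since something may be re-registering the file.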