Recently, every time my system starts, Avast reports a “Win32: Trojano-3111” found in C:\drsmartload1.exe, and also some files with the same virus under the “temporary internet file” directory. I just let Avast delete it and do a boot scan. The boot scan found nothing, but the same thing happens again when the system starts, and the warning pops up periodically – without doing much damage. When I look at my ADSL router’s log, I can see that my computer is sending out requests to contact addresses like “192.168..” more than 20 times every minute. I found a process “MG.exe” running in the system, and after I kill this process, the warning doesn’t happen anymore. I located the file “MG.exe” under C:\windows\temp and deleted it, hoping that I’d resolved the problem. But after a reboot, the same thing happens again, and I cannot find where “MG.exe” is. All that I can do now is kill the process “MG.exe” after every system startup to prevent any damage.
In a Google search for “drsmartload1.exe”, I found that it’s been widely talked about on non-English sites, but I haven’t yet found a simple solution.
I found another unfamiliar process, “msbitsec.exe”, which claims to be a system process from Microsoft Corporation, but the file creation date is 2005.12.13, after which I had all the problems. It restarts immediately every time I kill the process, so I had to delete the file under “safe mode”. After this file was deleted, there were no problems anymore.
Hi, did you ever try turning off your System Restore before trying to delete the file? This is necessary for it not to reform again. Don’t forget to turn it back on again after deleting, though.
For future cases, it is better to add this file to the Chest before cleaning.
Run avast, open the Chest and then add the file there. From there you can send the file to Alwil for analysis.
For the future, you can use Process Explorer (www.sysinternals.com, freeware) that will show the full path of any running process.
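The checks discussed in this thread (full path of each running process, the publisher the file claims, and the file creation date) can also be listed from PowerShell. This is an added example, not part of any post above; the two flag rules are assumed heuristics, not Avast or Sysinternals logic.

```powershell
# Added example: list running processes with full path, claimed publisher,
# signature status and file creation time, newest files first.
# The "Flag" column is an assumed heuristic for triage, not a verdict.

# Temp directories to treat as unusual launch locations (assumption).
$tempRoots = @($env:TEMP, (Join-Path $env:windir 'Temp')) | Where-Object { $_ }

Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |      # some protected processes expose no path
    ForEach-Object {
        $path = $_.ExecutablePath
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $file) { return }            # file vanished or is not readable

        $company = $file.VersionInfo.CompanyName
        $sig     = Get-AuthenticodeSignature -LiteralPath $path

        # True when the executable lives under one of the temp roots.
        $inTemp = [bool]($tempRoots | Where-Object {
            $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
        })
        $claimsMicrosoft = $company -like '*Microsoft*'
        $validSignature  = $sig.Status -eq 'Valid'

        $flag = ''
        if ($inTemp) {
            $flag = 'runs from a temp directory'
        } elseif ($claimsMicrosoft -and -not $validSignature) {
            # Version-info strings are free text; only the signature is verifiable.
            $flag = 'claims Microsoft, signature not valid'
        }

        [pscustomobject]@{
            Name        = $_.Name
            ProcessId   = $_.ProcessId
            Path        = $path
            Company     = $company
            Signature   = $sig.Status
            FileCreated = $file.CreationTime
            Flag        = $flag
        }
    } |
    Sort-Object FileCreated -Descending |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that paths of system processes are visible. On older Windows versions, catalog-signed system files can show as NotSigned, so a flag is a prompt to look closer rather than proof.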