Tonight I noticed that Windows Media Player will no longer play .wavs or play other files in skin mode. I tried to look in the event viewer and noticed that it is missing from MY COMPUTER-MANAGE. I found the other icon for it and found System Error event id 4226…a TCP/iP error. I also noticed that a key avast had that was in HKLM…RUN is no longer there. Did they remove this key with the latest update?
Earlier, I heard drive activity so but I thought it was avast generating a VRDB. Does this sound familiar to anyone?
I am using XP Home. It has something to do with my profile. I would like to repair it rather than creating a new one as there is so much to configure if I create a new one. Any way to repair a profile?
Ok. It is a virus. It’s the Troj/DwnLdr-AKR – Another similar downloader Trojan. This one is installed as “taskdir.exe” in the Windows System folder. (Sophos)
I found it was created yesterday evening. How it got here I don’t know. I will now try to remove it by scanning with avast.
Here is more info I found about it in another forum…
"VOBLAIZDUPLA.EXE is a trojan downloader that download a file, called parad.raw.exe from a still up webserver.
From the webserver it download a clean dll, called zlbw.dll, and some garbage files.
then a copy of parad.raw.exe is done and called taskdir.exe.
Taskdir.exe is a new variant of trojan Lager. It contains a dll embeeded, called taskdir.dll.
taskdir.dll is then “injected” in every system process. This dll has “rootkit” features, because it hide every file or directory called “taskdir” from user’s eyes. (this is to hide taskdir.exe execution).
I’ve analyzed it and reported to antivirus companies who are adding the signature