-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[Follow-up to alt.comp.anti-virus]
My Kerio firewall just caught a new version of msmsgs.exe trying to access
the internet when I haven't updated it and now it appears that I have a
virus. I'm trying to figure out what else besides the virus may be on my
computer now.
I have MSN Messenger installed but Messenger was disabled in services. I've
tried ending the msmsgs process in the task manager but it keeps returning.
I just noticed that WinPatrol has not been running either so I'm wondering
if that was disabled by whatever activity is going on.
Norton doesn't report any viruses but Panda Online reports that I have
Mitglieder.BO. Spybot and Adaware aren't detecting anything. Spywareguard
is also running. Any suggestions for the best way to clean this computer
and get rid of whatever is going on?
First of all you should know that MSN Messenger and the Messenger service
are two completely separate and independent programs.
That being said, MSN Messenger still loads on Windows XP after you tell
it not to. If you would like I can email you a batch file that will prevent
MSN Messenger from loading. (And one that will restore it in case you
decide you want to use it!)
It is expected behaviour for one to kill msmsgs.exe and reboot only to find
it running again.
On the Mitglieder.BO front, note that it is described by Panda as causing
anti-virus software to malfunction. I quote David H. Lipman's immutable
instructions on this matter:
1) Download the following three items...
McAfee Stinger
http://vil.nai.com/vil/stinger/
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp
Trend Sysclean Method 1
- --------------------------------
Create a directory on drive "C:\" (e.g., "c:\sysclean").
Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt524.zip
Extract the contents of the ZIP file and place the contents in the same
directory as SYSCLEAN.COM.
Trend Sysclean Method 2
- ---------------------------------
The utility SYSCLEAN_FE in "Procedure F" at the following URL
http://www.ik-cs.com/got-a-virus.htm automates the download and execution
process of the Trend Sysclean Package.
2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shut down as many applications as possible
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan
of your platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
* * Please report back your results * *
Regards,
Adam Piggott,
Proprietor,
Proactive Services (Computing).
- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
iD8DBQFCSpJ/7uRVdtPsXDkRAiXmAJ9CMDcqyabL54PBZTgpfjsmnTt/BwCgm7j8
XXuHL1j4ArssnwSlRVhK3xU=
=YdkU
-----END PGP SIGNATURE-----