Karen said:
Hi. Does anyone know what msdm.exe is? McAfee keeps
telling me that it's infected with a multi-pager trojan,
but I can't clean it or delete it, only quarantine it and I
have a huge quarantine list. Is it something that I can
delete?
Any help would be great. Thanks!
Karen
This is from the Symantec website.
Backdoor.Armageddon.20
Discovered on: January 09, 2003
Last Updated on: May 09, 2003 03:40:36 AM
Backdoor.Armageddon.20 is a Backdoor Trojan Horse that allows
its author to remotely control an infected computer. It is written in the
Delphi programming language.
When Backdoor.Armageddon.20 runs, it copies itself as
C:\%windir%\msdm.exe.
NOTE: %Windir% is a variable. The Trojan locates the Windows
installation folder and copies itself to that location. By default, this is
C:\Windows or C:\Winnt.
The Trojan may add a value to the following registry keys, so
that it runs when you start Windows:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
The Trojan opens some randomly changed TCP/UDP ports to connect
to the hacker.
Update the virus definitions.
1. Restart the computer in Safe mode.
2. Run a full system scan and delete all the files detected
as Backdoor.Armageddon.20.
3. Delete any value that refers to the Trojan files from the
registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
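
A read-only way to check for the two traces the quoted advisory names (the msdm.exe copy in the Windows folder and a startup value pointing at it), added here as an example and not part of the original posts or of Symantec's instructions. The function name `Find-RunValue` and the report layout are assumptions; the script changes nothing, so removal still follows the steps above.

```powershell
# Added example: reports only, deletes nothing.
# The file name and the two key paths come from the quoted advisory.
$fileName = 'msdm.exe'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Hypothetical helper: list startup values whose data mentions $Pattern.
function Find-RunValue {
    param([string[]]$KeyPath, [string]$Pattern)
    foreach ($path in $KeyPath) {
        # A key may not exist on every Windows version; skip it quietly.
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data so a %windir%-style path is matched as stored.
            $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($data -like "*$Pattern*") {
                [pscustomobject]@{ Key = $path; ValueName = $name; Data = $data }
            }
        }
    }
}

# 1. Is there a copy in the Windows installation folder?
$candidate = Join-Path $env:windir $fileName
if (Test-Path -LiteralPath $candidate) {
    # -Force so a hidden or system file is still returned.
    Get-Item -LiteralPath $candidate -Force |
        Select-Object FullName, Length, CreationTime, LastWriteTime
    # The hash lets the file be compared against what the scanner quarantined.
    Get-FileHash -LiteralPath $candidate -Algorithm SHA256
} else {
    Write-Output "No $fileName found in $env:windir"
}

# 2. Does any startup value refer to it?
$hits = @(Find-RunValue -KeyPath $runKeys -Pattern $fileName)
if ($hits.Count -gt 0) {
    $hits | Format-List
} else {
    Write-Output "No Run/RunServices value refers to $fileName"
}
```

A startup value that is still present after the scanner quarantines the file is one reason the detection can return on every reboot, which is why the advisory pairs the scan with the registry cleanup.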