MSDM

Karen

Hi. Does anyone know what msdm.exe is? McAfee keeps
telling me that it's infected with a multi-pager trojan,
but I can't clean it or delete it, only quarantine it, and I
have a huge quarantine list. Is it something that I can
delete?

Any help would be great. Thanks!
Karen
 
Karen said:
Hi. Does anyone know what msdm.exe is? McAfee keeps
telling me that it's infected with a multi-pager trojan,
but I can't clean it or delete it, only quarantine it, and I
have a huge quarantine list. Is it something that I can
delete?

Any help would be great. Thanks!
Karen

This is from the Symantec website.

Backdoor.Armageddon.20
Discovered on: January 09, 2003
Last Updated on: May 09, 2003 03:40:36 AM

Backdoor.Armageddon.20 is a Backdoor Trojan Horse that allows
its author to remotely control an infected computer. It is written in the
Delphi programming language.
When Backdoor.Armageddon.20 runs, it copies itself as
C:\%windir%\msdm.exe.

NOTE: %Windir% is a variable. The Trojan locates the Windows
installation folder and copies itself to that location. By default, this is
C:\Windows or C:\Winnt.

The Trojan may add a value to the following registry keys, so
that it runs when you start Windows:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

The Trojan opens some randomly changed TCP/UDP ports to connect
to the hacker.

Update the virus definitions.

1. Restart the computer in Safe mode.
2. Run a full system scan and delete all the files detected
as Backdoor.Armageddon.20.
3. Delete any value that refers to the Trojan files from the
registry keys:


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
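
A read-only check for the indicators the quoted Symantec description names (msdm.exe in the Windows folder and values in the two autostart keys), useful before deleting anything in step 3. This is an added example, not part of the original posts or of Symantec's text; the function name Get-SuspectRunValue is hypothetical.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$fileName = 'msdm.exe'                        # file name given in the write-up
$dropPath = Join-Path $env:windir $fileName   # %windir%\msdm.exe

function Get-SuspectRunValue {
    param([string[]]$KeyPath, [string]$FileName)
    # Match the file name as a whole path component: bare, quoted, or with arguments.
    $pattern = '(^|[\\/"\s])' + [regex]::Escape($FileName) + '($|["\s])'
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key may not exist
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Keep the stored form (REG_EXPAND_SZ unexpanded) for the report,
            # but test the expanded form so %windir%\msdm.exe is caught too.
            $raw = [string]$key.GetValue($name, '', $noExpand)
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            if ($expanded -match $pattern) {
                [pscustomobject]@{ Key = $path; Value = $name; Data = $raw }
            }
        }
    }
}

$hits = @(Get-SuspectRunValue -KeyPath $runKeys -FileName $fileName)
if ($hits.Count) {
    $hits | Format-List
} else {
    "No Run/RunServices value references $fileName."
}

if (Test-Path -LiteralPath $dropPath) {
    # -Force so a copy with the hidden or system attribute is still returned.
    Get-Item -LiteralPath $dropPath -Force |
        Select-Object FullName, Length, CreationTime, LastWriteTime
} else {
    "$dropPath not present."
}
```

Any value it lists is a candidate for step 3; record the value name and data before removing it so the change can be reviewed later.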