Re: Windows Driver Service Virus ? Worm? (msdrvs32.exe)

From: Jackie (cardiffjackie_at_yahoo.com)
Date: 09/16/04 

Date: 16 Sep 2004 07:07:19 -0700

We are also experiencing this problem at our school. Originally, it
was detected by Symantec as w32.gaobot.gen but removal instructions
did not help us. I was able to get some more experienced people to
figure out how to remove it but as of right now, it still comes back.

This is what we've been doing:

-Copy regedit.exe to regedit.com (because changes weren't being saved
in the registry afterusing regedit.exe)

- Then using regedit.com, find all occurrences of "winupdate.exe",
"servicz.exe" and msdrvs32.exe" and delete.

- Then, find all occurrences of "winupdate.exe", "servicz.exe" and
"msdrvs32.exe" on the hard drive and delete. (You may have to restart
after deleting them from the registry.)

I am going to run the online checks that Dave posted on a couple of
machines today to see what comes up.

By the way, your post was the only response that a Google search on
"msdrvs32" came up with.

Jackie

"Harjinder Singh" <harjinder.singh@paramount.com> wrote in message news:<#4pMCA1mEHA.2948@TK2MSFTNGP11.phx.gbl>...
> We have a computer which appears to be some kind of worm or virus. It adds
> itself into numerous sections of the registry and creates a service running
> a file msdrvs32.exe in c:\winnt\system32. We were able to clean out the
> registry and delete the file from the file system, but it appears to have
> regenerated itself.
>
> Has anyone else experienced this virus, and does anyone know of a fix?

Relevant Pages

  • XP randomly restarts on me
    ... I got rid of the virus and everything started ... >I'm experiencing these unexplained crashes in XP, ... >kind of crash where you get to close the frozen program ... >check the file system on my C drive for errors. ...
    (microsoft.public.windowsxp.general)
  • Re: IE 6 hangs without http:// header in URL
    ... Nobody else is experiencing this issue, ... registry values below confirmed that they did not even exist in the ... with a client. ... The two machines are disseperate machines. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • No lazy flusher on XP Embedded (hotfix?)
    ... We've experienced and are experiencing further problems with data ... synchronization to update the registry does not start. ... This problem occurs when the lazy writer and lazy flusher threads ...
    (microsoft.public.windowsxp.embedded)
  • Re: reg cleaner
    ... specific *problems* are you actually experiencing (not some program's ... bogus listing of imaginary problems) that you think can be fixed by ... Is there any harm in having registry entries that do nothing? ... reference non-existent files or directories. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: All Documents Locked! How to Unlock?
    ... trial install that were not cleared by the proper install. ... registry let to a solution to the problem. ... but I'm waiting for the fix file from MESH rather ... Office 2003 without any problems while I was still experiencing the ...
    (microsoft.public.word.docmanagement)