Re: mszx23.exe Trojan

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/04/05 

Date: Fri, 4 Feb 2005 08:57:07 -0500

1) Download the following four items...

         McAfee Stinger
         http://vil.nai.com/vil/stinger/

         Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend Pattern File.
         http://www.trendmicro.com/download/pattern.asp

         Adaware SE (free personal version v1.05)
         http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt392.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
        platform and clean/delete any infectors/parasites found.
        (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
        utilities; Trend Sysclean, Stinger and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
        System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report your results ! * * * 

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
"NDZoo" <NDZoo@discussions.microsoft.com> wrote in message
news:75B3EE0D-39B0-4AE7-B3F0-A98025F35D78@microsoft.com...
| I have this Trojan on my computer.  It's disabled my firewall, if I install
| sp2 IE won't work, and it changes my webpage just for fun.  I've tried the
| suggestions on here and used the Trend Sysclean Package.  All seemed to go
| well and all my antivirus and spyware (which normally identify this) said my
| system was clean.  But when I rebooted for the final time.  There it was
| again as usual.  I can't seem to get rid of this thing.  It is in the
| system32 folder and avg calls it a backdoor.small.5.BT  I need HELP!

Relevant Pages

  • Re: what is fcfB.exe?
    ... Dump the contents of the IE Temporary Internet Folder cache ... Download Sysclean.com and place it in that directory. ... Reboot your PC into Safe Mode and shutdown as many applications as possible ... Re-enable System Restore and re-apply any System Restore preferences, ...
    (microsoft.public.windowsxp.general)
  • Re: System Freeze - 100% CPU Usage
    ... (e.g., "c:\New Folder") ... Download SYSCLEAN.COM and place it in that directory. ... Reboot your PC into Safe Mode and shutdown as many applications as possible ... Re-enable System Restore and re-apply any System Restore preferences, ...
    (microsoft.public.windowsxp.general)
  • Re: 100% CPU Usage
    ... folder probably caused by interference by an AV scan during the Update ... Stop and Disable Automatic Updates, ... Now Reboot Again. ... Go to http://wiki.djlizard.net/Dial-a-fix and download Dial-a-fix ...
    (microsoft.public.windowsupdate)
  • Re: rulechinbait.exe anybody?
    ... (e.g., "c:\New Folder") ... Download Sysclean.com and place it in that directory. ... Reboot your PC into Safe Mode and shutdown as many applications as possible ... Re-enable System Restore and re-apply any System Restore preferences, ...
    (microsoft.public.windowsxp.general)
  • Re: "about:blank" home page
    ... THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES ... > Unzip the Download file in a NEW FOLDER that you can create before you start ... > DO NOT install in your Desktop folder. ... > Download Registrar Lite 2.0, ...
    (microsoft.public.windows.inetexplorer.ie6.browser)