ms32.sys
From: Jnthn (n_at_yahoo.com)
Date: 10/23/05
- Next message: easyone_at_onetel.com: "Re: hacktool.rootkit"
- Previous message: Zvi Netiv: "Re: Boot Malmo on my USB Mem!! Help"
- Next in thread: Malke: "Re: ms32.sys"
- Reply: Malke: "Re: ms32.sys"
- Reply: David H. Lipman: "Re: ms32.sys"
Date: Sun, 23 Oct 2005 13:57:01 +0200
There's a file named ms32.sys in the root directory of my boot drive.
It's an EXE file.
After deleting c:\ms32.sys, the computer began to shut down every 15
minutes: It was as if I clicked "Turn Off" in Start > Turn Off
Computer. Every single time, "W32Time" errors were listed in the Event
Viewer. I then disabled "Automatically synchronize with an Internet
time server" in Date and Time Properties but the problem became worse:
the PC would shut down shortly after loading the desktop.
I couldn't solve the problem so I put back ms32.sys in the root folder.
The PC doesn't shut down anymore.
I unpacked ms32.sys (it was UPXed) and found the string
"http://195.95.218.100/users/serg/web/serg.jpg" in it. I downloaded
"serg.jpg" and although it has a JPG extension, it's an EXE file.
When I go to "http://195.95.218.100," CMD.EXE starts on my computer. A
"Windows Script Host" error window pops up ("There is no script engine
for file extension '.vbs'.").
Neither AVG Anti-Virus nor HouseCall online virus scanner finds any
viruses on the machine. I also ran Ad-Aware.
I couldn't find the string "ms32.sys" in the registry and there's
nothing suspicious in ...\CurrentVersion\Run.
Any idea?
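
The checks described in the post (a .sys file that is really an EXE, UPX packing, a .jpg that is really an EXE) can be read straight from a file's header bytes. The following is an added example, not part of the original post; `triage` and `build_sample_pe` are hypothetical names, and the sample bytes are constructed headers, not the files from the post.

```python
import struct

SUBSYSTEMS = {1: "native (driver)", 2: "Windows GUI", 3: "Windows console"}
PE_EXTENSIONS = {"exe", "dll", "sys", "scr", "ocx", "cpl"}

def build_sample_pe(section_names, subsystem):
    """Constructed test input: PE headers only, no code, not a runnable program."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)        # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                       # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 68, subsystem)                 # Subsystem field
    table = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + table

def triage(filename, data):
    """Compare a file's extension with what its header bytes say it is."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in ("jpg", "jpeg") and not data.startswith(b"\xff\xd8\xff"):
        findings.append("extension is JPEG but the JPEG signature is missing")
    try:
        if not data.startswith(b"MZ"):
            return findings
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\x00\x00":
            return findings
        if ext not in PE_EXTENSIONS:
            findings.append("PE executable behind a non-executable extension")
        nsec = struct.unpack_from("<H", data, pe + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]
        subsystem = struct.unpack_from("<H", data, pe + 24 + 68)[0]
        # Real drivers are PE files too; what separates them is the subsystem.
        if ext == "sys" and subsystem != 1:
            kind = SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem)
            findings.append(".sys file is a %s program, not a driver" % kind)
        table = pe + 24 + opt_size                             # section table start
        names = [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\x00")
                 for i in range(nsec)]
        if any(n.startswith(b"UPX") for n in names):
            findings.append("UPX section names present, file is likely packed")
    except struct.error:
        findings.append("truncated or malformed PE header")
    return findings

if __name__ == "__main__":
    samples = {"ms32.sys": build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], 2),
               "serg.jpg": build_sample_pe([b".text"], 2)}
    for name, data in samples.items():
        print(name, triage(name, data))
```

Section names are only a hint: a packer's default names can be changed, so an absence of `UPX` sections does not show a file is unpacked.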