Re: Virus MSNPG.exe-2147353e.pf

anonymous_at_discussions.microsoft.com
Date: 04/05/05


Date: Tue, 5 Apr 2005 11:43:58 -0700


>-----Original Message-----
>From: "Roger M" <anonymous@discussions.microsoft.com>
>
>| Recently had machines infected with this virus??? All
>| machines are of Dell manufacture on a LAN and are loaded
>| with XP-SP1. Symptoms include: cannot open word or excel
>| files; cannot edit registry; cannot perform software
>| updates of any kind & some websites will not load. Machines
>| preloaded with XP-SP2 do not appear to be affected. Thru
>| sheer desperation, disconnected machines from network and
>| did a complete reload of XP from original CDs. Yes HD was
>| formatted during reload. Applied the following patches:
>| WindowsXP-KB823980-X86-ENU, KB824146-X86-ENU &
>| KB835732-X86-ENU. Thought these would protect the new
>| install but found out that MSNPG came back almost
>| immediately. What did I miss? Has anyone run into this
>| one before and what is the "cure"? TIA.
>
>There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.scripting.virus.discussion
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
>
>What you missed is the installation of anti virus software. If you did you would find that
>you would have protected your computers.
>
>You would have also found that the infector using MSNPG.exe has a name. That name would
>help you find and remove the infector and prevent re-infection and cross-contamination.
>
>Dump the contents of the IE Temporary Internet Folder cache (TIF)
>
>start --> settings --> control panel --> internet options --> delete files
>
>1) Download the following items...
>
> McAfee Stinger
> http://vil.nai.com/vil/stinger/
>
> BHOdemon
> http://www.definitivesolutions.com/bhodemon.htm
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend Pattern File.
> http://www.trendmicro.com/download/pattern.asp
>
> Ad-aware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
>Create a directory.
>On drive "C:\"
>(e.g., "c:\New Folder")
>or the desktop
>(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
>Download Sysclean.com and place it in that directory.
>Download the Trend Pattern File by obtaining the ZIP file.
>For example; lpt540.zip
>
>Extract the contents of the ZIP file and place the contents in the same directory as
>sysclean.com.
>
>2) Update Ad-aware with the latest definitions.
>3) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
>4) Reboot your PC into Safe Mode [F8 key during boot]
> and shutdown as many applications as possible.
>5) Using Trend Sysclean, Stinger and Ad-aware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
>6) Restart your PC and perform a "final" Full Scan of your platform using the three
> utilities; Trend Sysclean, Stinger and Ad-aware
>7) Re-enable System Restore and re-apply any System Restore preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
>8) Reboot your PC.
>9) Install, execute and update BHOdemon and then scan the platform and remove
> any unknown Browser Helper Objects.
>10) Create a new Restore point
>
>* * * Please report your results ! * * *
>
>
>--
>Dave
>http://www.claymania.com/removal-trojan-adware.html
>http://www.ik-cs.com/got-a-virus.htm
>
>
>.
I appreciate your rapid reply & yes, I forgot to mention
that all did have up to date virus protection loaded and
running. Unfortunately, the virus was not detected. As I
mentioned before, I cannot perform any type of update or
loading of software on these machines, even in safe mode.
Any more thoughts?


