Status
Not open for further replies.
1 - 3 of 8 Posts

Premium Member · 1,615 Posts
hello freight,
screg.exe is a service controller and is used to start system services that are supposed to start automatically...as far as I know, that's used by WinNT..dunno about Win98SE...maybe that's why AV is not paying attention to it...do you know what kind of virus you had on there?

As far as MSGSRV32.exe goes, do you get a general protection fault error?
This can also be an issue with the sound card/modem that uses the C-Media CMI8330 sound chip. This sound chip is used with various sound cards, and is also used with some modems. Try doing this to see if it works (that's if you get an error)...


Restart your computer in Safe mode. In Windoze 98, restart your computer, press and hold down the CTRL key until you see the Startup menu, and then choose Safe Mode.

when Windoze loads...
Click Start, point to Settings, click Control Panel, and then double-click System.
Click the Device Manager tab.
Double-click the Sound, Video And Game Controllers to expand it.
Click your sound card, and then click Properties.
On the Drivers tab, click Driver File Details. Check to see that you are using the Cm8330sb.drv driver.
On the General tab, click to select the Disable In This Hardware Profile check box.
Click OK, and then click Close.
Restart...

please post back.... :D
 

Premium Member · 1,615 Posts
Backdoor.Mosuc is basically a SubSeven ripoff and just like SubSeven it has 2 main parts... server and remote...server was what was on your pc (server.exe).... the way it works:

you connect to the internet, server.exe is active...
hacker/cracker has remote on his pc and connects to server.exe on your pc...(done by having server.exe broadcasting your IP back to the host...)
and then, the bad guy can do the following:
capture your screen
start/end programs or processes
open/close your cd tray
shut down your pc
change your mouse behavior
go to specific URL... etc...

It seems like NAV passed the test on this one...what did you do after the file(s) were quarantined... are they still sitting on your pc quarantined or did you try to delete them?

[update] hehe forgot something...
as much as I like having AV software on my pc, I always like to go through the system after I get a warning or possible infection, just to make sure everything is clean...so in your case you can :

1. Click Start and Run.
2. Type the following, and then click OK.

edit c:\windows\system.ini

The MS-DOS Editor opens.

3. In the boot section at the beginning of the file, look for the line that begins with:

shell=Explorer.exe

4. Look for anything that has been added to the line. It may appear similar to the following:

shell=Explorer.exe something.exe

5. Remove the reference to something.exe. When you are finished, the line must read:

shell=Explorer.exe

save and exit.

Checking the registry:
if you're not comfortable with playing w/ the registry, skip this :D

Click Start, Run, type regedit and click OK.
Look through these registry keys, both data and name.
If there is any reference to the backdoor.mosuc, click the name, hit Delete, and Yes to confirm, same with data.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

HTH

later
p.s. hopefully our kind moderators will not move this to virus forum. :D
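
The two manual checks from the post above, as an added example that is not part of the original thread: it flags anything appended after Explorer.exe on the shell= line in the [boot] section, and lists the names and data under the four keys the post names. It assumes the system.ini contents and a REGEDIT4-format registry export are available as text; the function names and sample inputs are constructed for illustration.

```python
import re
# Keys named in the post; compared case-insensitively against the export.
RUN_KEYS = [
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
]
# Constructed samples; "something.exe" is the post's own stand-in name.
SAMPLE_INI = "[boot]\nshell=Explorer.exe something.exe\n"
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Example"="C:\\WINDOWS\\something.exe"
'''

def extra_shell_entries(system_ini_text):
    """Return whatever is on shell= in [boot] besides Explorer.exe ([] = clean)."""
    section = None
    for raw in system_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INI comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot" and sep and key.strip().lower() == "shell":
            # Conservative: a full-path form of Explorer.exe is reported too.
            return [t for t in value.split() if t.lower() != "explorer.exe"]
    return []  # no shell= line in [boot]

def autostart_values(reg_export_text):
    """Map each reviewed key to its {name: data} string values from the export."""
    wanted = {k.lower(): k for k in RUN_KEYS}
    found, current = {}, None
    for raw in reg_export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = wanted.get(line[1:-1].lower())  # None for other keys
            continue
        # Only "name"="string" lines are parsed; hex:/dword: values are skipped.
        m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if current and m:
            found.setdefault(current, {})[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return found

if __name__ == "__main__":
    print(extra_shell_entries(SAMPLE_INI), autostart_values(SAMPLE_REG))
```

An empty list from the first function means the shell= line matches the clean form shown in the post; every name and data pair returned by the second still needs the manual review the post describes.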
 

Premium Member · 1,615 Posts
When Norton quarantines files, it basically isolates those files off so you can delete them without any consequences...no one should have access to them remotely after they've been quarantined. It seems like you got in a good habit of "raiding" your system from time to time and weeding out unwanted junk, which IMO, everyone should do regularly... one good tool you can use for keeping your registry in shape is regcleaner. Dunno if you already have this, but you don't have to be a whiz to use it...it helps you get rid of old entries, unused DLLs and more...you can get it here

have fun and stay safe! :D
 