Not open for further replies.
1 - 3 of 8 Posts

· Premium Member
1,615 Posts
hello freight,
screg.exe is a service controller and is used to start system services that are supposed to start far, as I know that's used by winNT..dunno about win98SE...maybe that's why AV is not paying attention to you know what kind of virus you had on there ?

as far as MSGSRV32.exe goes do you get a general protection fault error ?
This can also be an issue with the sound card/modem that uses C-Media CMI8330 sound chip. This sound chip is used with various sound cards, and is also used with some modems. Try doing this to see if it works (that's if you get an error)...

Restart your computer in Safe mode. In Windoze 98, restart your computer, press and hold down the CTRL key until you see the Startup menu, and then choose Safe Mode.

when Windoze loads...
Click Start, point to Settings, click Control Panel, and then double-click System.
Click the Device Manager tab.
Double-click the Sound, Video And Game Controllers to expand it.
Click your sound card, and then click Properties.
On the Drivers tab, click Driver File Details. Check to see that you are using the Cm8330sb.drv driver.
On the General tab, click to select the Disable In This Hardware Profile check box.
Click OK, and then click Close.

please post back.... :D

· Premium Member
1,615 Posts
Backdoor.Mosuc is basically a subseven ripoff and just like subseven it has 2 main parts... server and remote...server was what was on your pc (server.exe).... the way it works :

you connect to the internet, server.exe is active...
hacker/cracker has remote on his pc and connects to server.exe on your pc...(done by having server.exe broadcasting your IP back to the host...)
and then , the bad guy can do the following :
capture your screen
start/end programs or processes
open/close your cd tray
shut down your pc
change your mouse behavior
go to specific URL... etc...

It seems like NAV passed the test on this one...what did you do after the file(s) were quarantined... are they still sitting on your pc quarantined or did you try to delete them ?

[update] hehe forgot something...
as much as I like having AV software on my pc, I always like to go through the system after I get a warning or possible infection, just to make sure everything is in your case you can :

1. Click Start and Run.
2. Type the following, and then click OK.

edit c:\windows\system.ini

The MS-DOS opens.

3. In the boot section at the beginning of the file, look for the line that begins with:


4. Look for anything that has been added to the line. It may appear similar to the following:

shell=Explorer.exe something.exe

5. Remove the reference to something.exe. When you are finished, the line must read:


save and exit.

Checking the registry :
if you're not comfortable with playing w/registry, skip this :D

Click start, run type regedit and click ok.
look through these registry keys, both data and name.
If there is any reference to the backdoor.mosuc, click name hit delete, and yes to confirm, same with data.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


p.s. hopefully our kind moderators will not move this to virus forum. :D
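
Added example, not part of the original post: a small Python check that automates the system.ini inspection described above, reading the `shell=` line in the `[boot]` section and listing anything on it other than Explorer.exe. The sample file contents and the function names are constructed for illustration; `something.exe` is the placeholder name from the post.

```python
# Constructed sample of a Windows 9x system.ini; "something.exe" is the
# placeholder used in the post, not a real indicator.
SAMPLE_SYSTEM_INI = """\
[boot]
; comment lines start with a semicolon
system.drv=system.drv
Shell = Explorer.exe something.exe
[386Enh]
shell=ignored.exe
"""

# Assumption: the stock shell is the bare name Explorer.exe (case-insensitive).
EXPECTED_SHELL = "explorer.exe"


def boot_shell_value(ini_text):
    """Return the raw value of shell= inside [boot], or None if absent."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "boot" and key.strip().lower() == "shell":
            return value.strip()
    return None


def extra_shell_entries(ini_text):
    """List every token on the [boot] shell= line that is not Explorer.exe.

    A path-qualified explorer.exe is reported too, so it gets a manual look.
    """
    value = boot_shell_value(ini_text)
    if value is None:
        return []
    tokens = value.replace(",", " ").split()
    return [t for t in tokens if t.strip('"').lower() != EXPECTED_SHELL]


if __name__ == "__main__":
    print(extra_shell_entries(SAMPLE_SYSTEM_INI))
```
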

· Premium Member
1,615 Posts
when norton quarantines files, it basically isolates those files off so you can delete them without any one should have access to them remotely after they've been quarantined. It seems like you got in a good habit of "raiding" your system from time to time and weeding out unwanted junk, which IMO, everyone should do regularly... one good tool you can use for keeping your registry in shape is regcleaner. Dunno if you already have this, but you don't have to be a whiz to use helps you get rid of old entries, unused dll's and can get it here

have fun and stay safe ! :D