Status
Not open for further replies.
1 - 4 of 8 Posts

Discussion Starter · #1 ·
I'm desperate. I need help.

I was doing a check on my PC when I came to another MSGSRV32.exe file located at:

c:\windows\vxd\

But I still have the Msgsrv32.exe file (notice that the above file was all-caps) in the c:\windows\system directory.

When I check the properties for the one at the VXD folder there is no 'version' tab. It is 31814 bytes in size compared to the original one of 11920 bytes. It is also dated September 30, 2002 at 3:48 AM - and I'm also working until that time.

I'm quite alarmed because I just did a re-install of Win98SE not a month ago and was infected with a trojan by the filename of 'screg.exe' both before the re-install and after. I think I wiped that out pretty good using NAV and manual manipulation of the registry.

Note: NAV doesn't see anything wrong with the file but I've never trusted antivirus software anyway.

Anyone? :(
 

Discussion Starter · #4 ·
Hmm... that screg.exe file may not have been a virus after all. Yes, NAV did not see it as a virus. I deleted it anyway since I don't want the system doing things 'automatically' without my consent. :)

About that second MSGSRV32.exe file: I just removed its registry entry but the file still exists. I only got the jitters about it since it did not have the 'version-properties tab' that the original one had. The time too was suspicious since I'm usually still up at that moment (September 30 at 3:00 AM) so I think I got that thing myself.

That recent virus intrusion into my system was not screg.exe (I got confused) but MDUWE.exe and server.exe, which NAV detected and quarantined as Backdoor.Trojan and Backdoor.Mosuc respectively. I looked for those two on the net (along with the DLL file it tried to use, "euhbqa.dll") but I couldn't find references anywhere. I think that trojan's name is arbitrary.
 

Discussion Starter · #6 ·
Re: quarantine

I deleted them as quickly as I could. Would those files still be available to the cracker even if quarantined? I updated NAV so it may have been that that allowed it to detect those files.

There's nothing attached to the shell=explorer.exe string in system.ini.

I also go through the registry from time to time - doing some minor enhancements I pick up from the web and checking for strings that I don't like to see in the HKLM\...\Run etc. window/s. :)
 

Discussion Starter · #8 ·
Thanks for the recommendation. I hardly ever download any programs before; like regcleaner or ad-aware etc. since I'm quite paranoid of the effects of those programs. I don't even run any firewall programs (I don't go for BIDefender or ZAlarm because I always hear ill things on each).

I'll start using regcleaner then per your recommendation. Thanks. :)
 