trojan - backdoor mosucker BO - won't go

  Ellie 23:05 18 Nov 2003
Locked

I have Windows ME, AVG, ZoneAlarm and have managed to pick up BackDoor Mosucker BO, AVG spotted it but can't get rid of it. It says that 2 files are infected:no1 C:\windows\hlvhmaf.bin which it says is an AVG update file , i can delete this but it reappears no2 C:\windows\msc0nfigP{2}.com{3} (NBthe 0 in config is a zero). There are references to this file in the registry and in msconfig and in system.ini, even with these references removed I can't delete the file from windows directory. Disabling msc0fig in the real msconfig has no effect as soon as i restart the machine I get a red screen announcing it's presence and it's back again.
Anyone got any suggestions or am I going to have to reformat.

  VoG II 23:10 18 Nov 2003
  Ellie 23:17 18 Nov 2003

Thanks VoG
I've already been there and tried it, I can't delete msc0nfig{2}.com{3} from the hard drive it says access denied.

  VoG II 23:22 18 Nov 2003

Try in Safe Mode. Reboot then keep tappng the F8 key just before the Windows screen loads. Then select Safe Mode from the menu that should appear.

Good luck.

  Ellie 23:28 18 Nov 2003

Sorry I've tried that too

  rent-a-cop 00:10 19 Nov 2003

why not try a free online scan from click here

  ahales42 00:55 19 Nov 2003

why should i trust Trendmicro?

  ahales42 01:02 19 Nov 2003

search for file netstat.old and delete it. then disable system restore and then run AVG.

  hugh-265156 01:04 19 Nov 2003

i havnt had much experience with nasties myself but have got rid of two.

both required me to disable system restore in xp(i think me has this too)

untick everything in msconfig

run an avg scan in safe mode then delete it.

  rent-a-cop 04:23 19 Nov 2003

trendmicro are the makers of the software pccillin and are one of the largest antivirus companies out there. I would trust them more than the smaller and less effective avg.

  Jester2K II 07:19 19 Nov 2003

I've replaced PC- Cillin on countless PCs with AVG due to the onwer knowing the PC has a virus, and i know it has a virus but PC-Cillin can't / won't find it....

Never had a complaint about AVG.

Have you removed this line from system.ini [boot] shell=unin0686.exe


More info from PestPatrol click here


See also click here

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5 review

Alice Saey's mesmerising animation for Dutch singer Mark Lotterman

iPad Pro 10.5in (2017) review

Comment booster votre iPhone ?