trojan - backdoor mosucker BO - won't go

  [DELETED] 23:05 18 Nov 2003

I have Windows ME, AVG, ZoneAlarm and have managed to pick up BackDoor Mosucker BO, AVG spotted it but can't get rid of it. It says that 2 files are infected:no1 C:\windows\hlvhmaf.bin which it says is an AVG update file , i can delete this but it reappears no2 C:\windows\msc0nfigP{2}.com{3} (NBthe 0 in config is a zero). There are references to this file in the registry and in msconfig and in system.ini, even with these references removed I can't delete the file from windows directory. Disabling msc0fig in the real msconfig has no effect as soon as i restart the machine I get a red screen announcing it's presence and it's back again.
Anyone got any suggestions or am I going to have to reformat.

  [DELETED] 23:10 18 Nov 2003
  [DELETED] 23:17 18 Nov 2003

Thanks VoG
I've already been there and tried it, I can't delete msc0nfig{2}.com{3} from the hard drive it says access denied.

  [DELETED] 23:22 18 Nov 2003

Try in Safe Mode. Reboot then keep tappng the F8 key just before the Windows screen loads. Then select Safe Mode from the menu that should appear.

Good luck.

  [DELETED] 23:28 18 Nov 2003

Sorry I've tried that too

  [DELETED] 00:10 19 Nov 2003

why not try a free online scan from click here

  ahales42 00:55 19 Nov 2003

why should i trust Trendmicro?

  ahales42 01:02 19 Nov 2003

search for file netstat.old and delete it. then disable system restore and then run AVG.

  hugh-265156 01:04 19 Nov 2003

i havnt had much experience with nasties myself but have got rid of two.

both required me to disable system restore in xp(i think me has this too)

untick everything in msconfig

run an avg scan in safe mode then delete it.

  [DELETED] 04:23 19 Nov 2003

trendmicro are the makers of the software pccillin and are one of the largest antivirus companies out there. I would trust them more than the smaller and less effective avg.

  [DELETED] 07:19 19 Nov 2003

I've replaced PC- Cillin on countless PCs with AVG due to the onwer knowing the PC has a virus, and i know it has a virus but PC-Cillin can't / won't find it....

Never had a complaint about AVG.

Have you removed this line from system.ini [boot] shell=unin0686.exe

More info from PestPatrol click here

See also click here

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best computer security tips

This fantastic short film is packed with hidden TV and film references

Best external graphics cards (eGPUs) for Mac

Test : les écouteurs Bluetooth Soundcore Spirit X d’Anker