Trojan Horse PSW.Agent.Q

  John B 14:31 31 Dec 2004

AVG found 2 copies of the above on my m/c yesterday, and moved them to the vault. After a reboot this morning it found them again (and put them in the vault).

Zone Alarm (I am a new user) has warned me today that "mcsmss.exe is trying to access the internet" A search on google seems to suggest that mcsmss.exe is (or can be) associated with various Trojan horses.

3 of the problems are given the path name C\WINDOWS\SYSTEM32\mdcms.exe, the other was found in Documents and settings....Temporary Internet Files\Content.IE5\EZJOT4XX\mdcms(1).exe

So my I please ask:

1) Has AVG solved the problem?
2) Is mcsmss.exe linked to the PSW.Agent.Q?
3) Should I allow mcsmss.exe access to the net?
4) Why did AVG find PSW.Agent.Q again the next day?

n.b I have scanned the m/c again this morning (after a reboot) and there were no problems.

Thanks in anticipation


  bremner 14:59 31 Dec 2004

You need to turn off system restore - run AVG again and then turn restore back on.

You will loose old restore points but that is the price to pay.

  John B 15:49 31 Dec 2004

Have done as you suggested. Any thoughts about letting mcsmss.exe access to the net?

  ACOLYTE 15:53 31 Dec 2004

I wouldnt some trojans make this process after they have run and i have looked on my xp system and it not on there so i would guess your friend made it.

  ACOLYTE 15:57 31 Dec 2004

click here

One instance of it dont know if the removal is the same though.

  John B 16:01 31 Dec 2004

I've looked on my other XP computer and mcsmss.exe isn't there either. Is this something that I should try to delete; or should I permanently deny its access to the net in ZA?

  ACOLYTE 16:04 31 Dec 2004

According to click here in the advanced tab it can somtimes turn ZA off so i dont know what way to go if you can remove it safely then i would go that way.

  ACOLYTE 16:06 31 Dec 2004

If you have looked on your pc and have cleared the Trojan i may well be that it has also been deleted unless it still pops up asking for acsess
what you could do is delete it from ZA list and see if it pops up again if it does you know it still there.

  John B 17:43 31 Dec 2004

I'll try deleting it from ZA and see what happens!

  John B 19:14 31 Dec 2004

I've deleted it from ZA, but it's back! It seems to be trying to contact a m/c on my wireless network. I presume it should still have access denied?

  John B 23:06 03 Jan 2005

I hope this is now sorted. Please see click here

Thanks to all involved.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 6 review

Best art and design exhibitions in 2018

MacBook Pro keyboard issues and other problems

E3 2018 : dates, conférences de presse, billets et plus