|
Malware -
Harmful EXE
|
msnsmg.exe is added on your computer by a virus that communication with a remote IRC server, creates a startup registry entry. It is a malicious trojan horse or bot and a network-aware worm that attempts to replicate across the existing network(s) This article gives you step by step instructions to remove the threat manually from your computer.
| Aliases: W32.Spybot.Worm [Symantec]
Worm.Win32.AutoRun.qos [Kaspersky Lab]
Generic.dx [McAfee]
Mal/Generic-A [Sophos]
Trojan:Win32/Ircbrute [Microsoft]
Worm.Win32.AutoRun [Ikarus]
| | Turn off - system restore : The malicious files are saved in the system restore backup. You need to turn system restore off to remove them. You can turn it ON after cleaning the computer. Click here to read more... | | View Hidden Files: You need to enable to view hidden files and folders before you can search for the virus files and folders. Click here to read more... | | Boot in safe mode: If you are unable to delete the malware files/ folders, try doing it while in windows safe mode. Click here to read more... | | If you are unable to open Task Manager
Sometimes you are not able to open the task manager, the run command etc. The virus does this. There are free tools to solve this problem. They are listed here. Click here to read more... | Delete process/es from Task Manager: The following process may be found in the task manager. Delete it if found. Click here to read more...
msnsmg.exe
| Delete folders/ files from the hard disk: The following files were created alongwith , delete them if found
C:\Windows\msnsmg.exe (It will be useful to run a freeware temp files/ registry cleaner like CCleaner after deleting the above files. Click here to read more...) | Delete the registry keys: by manually editing registry. You can edit the registry by using the windows built in registry editor. Click here to read more... - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- Windows Services = "msnsmg.exe"
so that msnsmg.exe runs every time Windows starts
| Using Firewall: It will be helpful if you have a full featured firewall so that you can block the malicious communication of the malware. It accesses the following sites - secure.x00x00.org Establishes a new connection with a remote IRC Server. The generated outbound IRC traffic is
NICK [00|USA|209179]
USER XP-2843 * 0 :COMPUTERNAME | | reprinted with permission from threat expert |
|
