Malware - Harmful EXE
msexe.exe is a file added to your computer by a Trojan or keylogger. The name was used in earlier versions of Windows: Windows 3.1 had a file of that name. In addition, Symbian OS, which is used in mobile phones, has a legitimate file of that name. Current versions of Windows have no genuine file called msexe.exe, but there is a genuine process with a slightly different name, "msiexec.exe". Probably because the name looks like that of an important Windows file, virus writers are tempted to use it for a harmful file on your computer.

Current sample analysis indicates that a file of this name is saved on an infected computer in the C:\Windows\System32 folder. However, the location may change arbitrarily, and you should search for and delete this file wherever it is found on your computer. (Again, I must emphasize that you should check whether the file was in fact created by a useful program on your computer: if you hover the mouse pointer over the file, a tooltip box should appear with information about the origin of the file.) Virus writers keep changing the names and locations of their files in order to avoid detection, so it is helpful to open the Registry Editor, use Edit > Find to search for the filename "msexe.exe", and delete its entries. This article gives you step-by-step instructions for removing the threat manually from your computer.

Aliases: These are some of the aliases:
- Trojan-Spy.Gampass!sd6 [PCTools]
- Infostealer.Gampass [Symantec]
- Trojan-GameThief.Win32.WOW.frl [Kaspersky Lab]
- Trojan-GameThief.Win32.WOW [Ikarus]
- Win-Trojan/OnlineGameHack.16632.B [AhnLab]

Turn off System Restore: The malicious files are saved in the System Restore backup. You need to turn System Restore off to remove them. You can turn it on again after cleaning the computer.

View hidden files: You need to enable the viewing of hidden files and folders before you can search for the virus files and folders.

Boot in safe mode: If you are unable to delete the malware files or folders, try doing it while in Windows safe mode.

If you are unable to open Task Manager: Sometimes you are not able to open Task Manager, the Run command, etc. The virus does this. There are free tools to solve this problem.

Delete processes from Task Manager: The following process may be found in Task Manager. Delete it if found.
- msexe.exe

Delete folders/files from the hard disk:
- C:\Windows\System32\msexe.exe
- C:\Documents and Settings\[UserName]\Local Settings\Temp\msdll.dat
(For deleting files in the temp folder, running CCleaner will be useful. It is a freeware temp files/registry cleaner.)

Delete the registry keys: Do this by manually editing the registry. You can edit the registry using the built-in Windows Registry Editor.
The newly created registry value is:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- msexe.exe = "%System%\msexe.exe"
so that msexe.exe runs every time Windows starts.
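
The indicators listed above (the msexe.exe process, the two files and the Run value) can be checked in one read-only pass before anything is deleted. This PowerShell script is an added example, not part of the original article; it assumes %System% means the System32 directory and checks the current user's temp directory in place of the [UserName] path.

```powershell
# Added example: read-only triage for the indicators named on this page.
# It reports findings only; nothing is stopped, deleted or modified.
$findings = New-Object System.Collections.Generic.List[object]

# Files from the page. Assumptions: %System% is the System32 directory, and
# the current user's temp directory ($env:TEMP) stands in for the
# "[UserName]\Local Settings\Temp" path.
$paths = @(
    (Join-Path $env:SystemRoot 'System32\msexe.exe'),
    (Join-Path $env:TEMP 'msdll.dat')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $file = Get-Item -LiteralPath $p -Force     # -Force also returns hidden files
        $sig  = Get-AuthenticodeSignature -FilePath $p
        # CompanyName is the kind of origin information the tooltip check looks at
        $findings.Add([pscustomobject]@{
            Type   = 'File'
            Item   = $p
            Detail = "Company='$($file.VersionInfo.CompanyName)' Signature=$($sig.Status) Modified=$($file.LastWriteTime)"
        })
    }
}

# Run-key value from the page: value name or data that references msexe.exe.
# The pattern cannot match the genuine msiexec.exe.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -ieq 'msexe.exe' -or $data -match '(^|[\\/"\s])msexe\.exe') {
            $findings.Add([pscustomobject]@{ Type = 'RunValue'; Item = $name; Detail = $data })
        }
    }
}

# Running process from the page (Get-Process takes the name without ".exe").
Get-Process -Name 'msexe' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add([pscustomobject]@{ Type = 'Process'; Item = "PID $($_.Id)"; Detail = $_.Path })
}

if ($findings.Count -eq 0) { 'No msexe.exe indicators from this page were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell prompt so that the path of a process owned by another account can be read.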

Run System File Checker: This is a built-in utility in Windows. It scans the computer for any altered or deleted Windows system files and replaces them with the original files automatically.

Using a firewall: It will be helpful to have a firewall so that you can block the malicious communication of the malware.

Reprinted with permission from ThreatExpert.