Backdoor.mIRC-based question

pam

I was notified by an online scanner that I had the BKDR_WOMANIZ.E in
WINNT\system32\dllcache\msngr.exe
I took the option to delete it.

Then I read the following on the pestpatrol.com website:
"Follow these steps to remove Backdoor.mIRC-based from your machine:
Kill these running processes with Task Manager:
explorer.exe
lsass.exe
lsxy.exe
msngr.exe
mstaskmgr.exe
services.exe
system32.exe
taskmngr.exe

Then remove these files (if present) with Windows Explorer:
explorer.exe
lsass.exe
lsxy.exe
msngr.exe
mstaskmgr.exe
services.exe
system32.exe
taskmngr.exe"

I read somewhere that "MSTASKMGR.EXE, which is UPX-compressed, is a
malicious mIRC client that works together with malicious script files
to connect to particular IRC channels, where it waits for a remote
connection."

I also read on a newsgroup that taskmngr.exe is not a Microsoft
program. I'm still not sure about msngr.exe (the one I deleted). But
after doing some research, it looks like the rest of them are real
Microsoft programs. So I'm confused - why would I delete these
programs, and wouldn't that be a disaster if I did?
 
Steve Nielsen

You might check the instructions more closely and make note of the
actual location of the files to delete. Many trojans/viruses put their
nasty files with valid OS names on the drive but in locations where the
valid system files are not.

Steve
 
BeamGuy

I'd appreciate a little explanation of these from someone who knows more than I do...
Then remove these files (if present) with Windows Explorer:
explorer.exe
lsass.exe

I was under the impression that these were part of win2k.
 
Bob I

That is determined by the location you find them as to whether or not
they are part of win2k.
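
Added example (not part of the original thread or of the pestpatrol.com instructions): a first-pass triage of process image paths that applies the point made in the replies, that location decides whether a system-named file is the real one. It assumes %SystemRoot% is C:\WINNT and uses the standard Windows 2000 locations for explorer.exe, lsass.exe and services.exe; the sample paths are constructed.

```python
import ntpath

# Assumption: %SystemRoot% is C:\WINNT (the Windows 2000 default).
SYSTEM_ROOT = r"C:\WINNT"

# Where the genuine copies of the OS binaries named in the thread run from.
EXPECTED_DIR = {
    "explorer.exe": SYSTEM_ROOT,
    "lsass.exe": ntpath.join(SYSTEM_ROOT, "system32"),
    "services.exe": ntpath.join(SYSTEM_ROOT, "system32"),
}

# Names on the quoted removal list that the thread does not establish as OS files.
UNVERIFIED_NAMES = {"lsxy.exe", "msngr.exe", "mstaskmgr.exe",
                    "system32.exe", "taskmngr.exe"}

def norm(path):
    """Windows paths are case-insensitive; also collapse '..' and '/'."""
    return ntpath.normcase(ntpath.normpath(path))

def classify(image_path):
    directory, name = ntpath.split(norm(image_path))
    if name in EXPECTED_DIR:
        if directory == norm(EXPECTED_DIR[name]):
            return "expected-location"
        return "system-name-wrong-location"   # OS name, non-OS directory
    if name in UNVERIFIED_NAMES:
        return "listed-name-investigate"
    return "not-listed"

def flagged(paths):
    """Return (path, verdict) for every path that deserves a closer look."""
    verdicts = [(p, classify(p)) for p in paths]
    return [(p, v) for p, v in verdicts
            if v not in ("expected-location", "not-listed")]

# Constructed sample of image paths, e.g. taken from a process listing.
SAMPLE = [
    r"C:\WINNT\explorer.exe",
    r"C:\WINNT\system32\LSASS.EXE",
    r"C:\WINNT\system32\explorer.exe",
    r"C:\WINNT\Fonts\services.exe",
    r"C:\WINNT\system32\dllcache\msngr.exe",
    r"C:\WINNT\system32\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict in flagged(SAMPLE):
        print(f"{verdict:28} {path}")
```

A file in the expected location is not thereby proven genuine; this only separates the obvious impostors from the files that must not be deleted by name alone.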
 
