Backdoor Roxy Virus..

Scott

I have a Backdoor Roxy virus on my system that I can't
seem to get rid of with Norton Anti-Virus with the new
definitions. Can anyone tell me where I might be able to
manually get rid of it?

Thanks Scott
 
Steve Parry [MVP]

Scott said:
I have a Backdoor Roxy virus on my system that I can't
seem to get rid of with Norton Anti-Virus with the new
definitions. Can anyone tell me where I might be able to
manually get rid of it?

Thanks Scott


try ... this is from the F-Secure site for an older variant but may still be pertinent

"When the worm is first run on a system it copies itself to the system directory with the name
'gesfm32.exe'. This copy of the worm is then added to the registry to the following locations:

'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Netview'
'HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Netview'

To clean this worm these registry keys must be removed and the worm copies mentioned above deleted."
 
edgeBall

I got the same problem!
I use Norton Antivirus but can't solve the problem completely!
I have the latest update from Symantec, but every 10 minutes, there is
still a pop-up 'virus alert' that says:
----------------
Norton Antivirus has detected and removed a virus from your computer.
Object name: C:\payload.dat (sometimes
C:\winnt\system32\payload.exe).
Action taken: the file was automatically deleted.
---------------
This is very annoying since it pops up every 10 minutes!


BTW: there is no registry key in my HKLM/.././windows/ registry
directory.
Any help?
 
edgeBall

Hi,
Got my problem solved by deleting the registry key: msmsgri32.exe,
and the physical file msmsgri32.exe in C:\winnt\system32\ as well.

Don't know why the Norton update can't do this for me.
I got this virus because I left my PC open to the internet without
a firewall for just less than 10 hours!


EdgeBall
 
AJ

I've been struggling with the same problem. I may have
found the solution -- I haven't (yet) received the virus
alert that kept popping up after going in the registry to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and deleting: mssys lanhelper

system Initialization (if you have this)

By the way, could you tell me what kinds of problems
you've encountered with your computer since this virus
appeared? When you start up, do you get an error message?
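
The posts above name different autorun entries for different variants, so a check has to look at every value under the Run and RunServices keys rather than one fixed name. The following is an added example, not written by anyone in this thread and not vendor tooling: it parses the text of a registry export and flags values whose name or target file matches what the posters reported. The function names, the sample export and the name/file pairings inside it are constructed for illustration, and the input is assumed to be already decoded to text.

```python
import re

# Value names and file names reported in this thread; variants use different ones.
REPORTED_NAMES = {"microsoft netview", "mssys lanhelper"}
REPORTED_FILES = {"gesfm32.exe", "msmsgri32.exe", "payload.exe"}
AUTORUN_KEYS = (r"\currentversion\run", r"\currentversion\runservices")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)

def unescape(text):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", text)

def parse_autoruns(reg_text):
    """Yield (key, value_name, data) for string values under Run/RunServices."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Track only the autorun keys; any other section resets the state.
            key = line[1:-1] if line[1:-1].lower().endswith(AUTORUN_KEYS) else None
        elif key:
            match = VALUE_RE.match(line)
            if match:
                yield key, unescape(match.group(1)), unescape(match.group(2))

def flag_reported(reg_text):
    """Return autorun entries matching a reported value name or file name."""
    hits = []
    for key, name, data in parse_autoruns(reg_text):
        exe_names = [e.lower() for e in EXE_RE.findall(data)]
        if name.lower() in REPORTED_NAMES:
            hits.append((key, name, data, "value name"))
        elif REPORTED_FILES.intersection(exe_names):
            hits.append((key, name, data, "file name"))
    return hits

# Constructed sample export, not taken from an infected machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Netview"="gesfm32.exe"
"mssys lanhelper"="C:\\WINNT\\system32\\example.exe"
"ExampleEntry"="C:\\WINNT\\system32\\msmsgri32.exe"
"ExampleTool"="C:\\Program Files\\Example\\tool.exe /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Netview"="gesfm32.exe"
'''

if __name__ == "__main__":
    print(*flag_reported(SAMPLE), sep="\n")
```

An empty result only means none of the names from this thread are present; every remaining Run and RunServices value still needs to be reviewed by hand.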
 
