Backdoor.mIRC-based question

pam

I was notified by an online scanner that I had the BKDR_WOMANIZ.E in
WINNT\system32\dllcache\msngr.exe
I took the option to delete it.

Then I read the following on the pestpatrol.com website:
"Follow these steps to remove Backdoor.mIRC-based from your machine:
Kill these running processes with Task Manager:
explorer.exe
lsass.exe
lsxy.exe
msngr.exe
mstaskmgr.exe
services.exe
system32.exe
taskmngr.exe

Then remove these files (if present) with Windows Explorer:
explorer.exe
lsass.exe
lsxy.exe
msngr.exe
mstaskmgr.exe
services.exe
system32.exe
taskmngr.exe"

I read somewhere that "MSTASKMGR.EXE, which is UPX-compressed, is a
malicious mIRC client that works together with malicious script files
to connect to particular IRC channels, where it waits for a remote
connection."

I also read on a newsgroup that taskmngr.exe is not a Microsoft
program. I'm still not sure about msngr.exe (the one I deleted). But
after doing some research, it looks like the rest of them are real
Microsoft programs. So I'm confused - why would I delete these
programs, and wouldn't that be a disaster if I did?
 
You might check the instructions more closely and make note of the
actual location of the files to delete. Many trojans/viruses put their
nasty files with valid OS names on the drive but in locations where the
valid system files are not.

Steve
 
I'd appreciate a little explanation of these from someone who knows more than I do...
Then remove these files (if present) with Windows Explorer:
explorer.exe
lsass.exe

I was under the impression that these were part of win2k.
 
That is determined by the location you find them as to whether or not
they are part of win2k.
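
The location check described in the replies above, as an added example that is not part of the original thread: it compares each file's full path against the directory where the genuine Windows 2000 binary of that name normally lives. The `C:\WINNT` root, the three-entry name map, the status labels and the sample paths are assumptions of this sketch.

```python
import ntpath  # Windows path rules, usable on any OS

# Usual directory (relative to the Windows directory) of the genuine
# Windows 2000 binaries named in the thread. Assumption: only these three
# names are mapped; every other name is reported as "unknown".
EXPECTED_DIR = {
    "explorer.exe": "",          # directly in the Windows directory
    "lsass.exe": "system32",
    "services.exe": "system32",
}

def classify(path, system_root=r"C:\WINNT"):
    """Return 'expected', 'review' or 'unknown' for one full file path."""
    norm = ntpath.normcase(ntpath.normpath(path))  # case-insensitive compare
    name = ntpath.basename(norm)
    if name not in EXPECTED_DIR:
        return "unknown"   # not a mapped system name: research it separately
    usual = ntpath.normcase(
        ntpath.normpath(ntpath.join(system_root, EXPECTED_DIR[name])))
    # A system name outside its usual directory needs a closer look, not
    # automatic deletion: system32\dllcache, for instance, also holds
    # Windows File Protection backup copies of system files.
    return "expected" if ntpath.dirname(norm) == usual else "review"

def triage(paths, system_root=r"C:\WINNT"):
    """Group paths by status, keeping input order within each group."""
    groups = {"expected": [], "review": [], "unknown": []}
    for p in paths:
        groups[classify(p, system_root)].append(p)
    return groups

# Constructed sample input, not taken from a real machine.
SAMPLE_PATHS = [
    r"C:\WINNT\explorer.exe",
    r"C:\WINNT\system32\explorer.exe",
    r"c:\winnt\System32\LSASS.EXE",
    r"C:\WINNT\Fonts\services.exe",
    r"C:\WINNT\system32\dllcache\msngr.exe",
]

if __name__ == "__main__":
    for status, found in triage(SAMPLE_PATHS).items():
        for p in found:
            print(f"{status:8} {p}")
```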
 