msmsgs.exe

  • Thread starter Thread starter hpum
  • Start date Start date
H

hpum

After ending the process in windows task manger, I'm puzzled as to why msmsgs.exe keeps returning to the list of processes running in the background? Is it normal to have two msmsgs.exe startup items in systems configuration utility (MSCONFIG). One located in HKCU\software\microsoft\windows\currentversion\run; and the other in SOFTWARE\microsoft\windows\currentversion\run?
 
After ending the process in windows task manger, I'm puzzled as to why msmsgs.exe keeps
returning to the list of processes running in the background? Is it normal to have two
msmsgs.exe startup items in systems configuration utility (MSCONFIG). One located in
HKCU\software\microsoft\windows\currentversion\run; and the other in
SOFTWARE\microsoft\windows\currentversion\run?


The one HKCU\software\microsoft\windows\currentversion\run might be malware !


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2) Download and install Ad-aware SE
(free personal version v1.06)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close


Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
when you get to the menu dhoose [1] so you can boot into Safe Mode.

4) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

5) Reboot your PC into Safe Mode and shutdown as many applications as possible.

6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.

7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.


8) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),

9) Reboot your PC.

10) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *
 
Hello David,

I got as far as #3 of your instructions. After executing
c:\sysclean\SYSCLEAN_FE.BAT, a window came up asking me to close all
programs as the pc was about to restart. I never saw a menu option to choose
safe mode. When I tried to open 'SYSCLEAN_FE Link' a command prompt window
open momentarily with an error "Failed to find open script"

David H. Lipman said:
After ending the process in windows task manger, I'm puzzled as to why
msmsgs.exe keeps
returning to the list of processes running in the background? Is it normal
to have two
msmsgs.exe startup items in systems configuration utility (MSCONFIG). One
located in
HKCU\software\microsoft\windows\currentversion\run; and the other in
SOFTWARE\microsoft\windows\currentversion\run?


The one HKCU\software\microsoft\windows\currentversion\run might be
malware !


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend
Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2) Download and install Ad-aware SE
(free personal version v1.06)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the
software.

3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close


Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
when you get to the menu dhoose [1] so you can boot into Safe Mode.

4) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

5) Reboot your PC into Safe Mode and shutdown as many applications as
possible.

6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a full scan of your PC
and delete
all objects found.

7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a final scan of your PC
and delete
all objects found.


8) If you are using WinME or WinXP,Re-enable System Restore and
re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~
600MB),

9) Reboot your PC.

10) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *
Click to expand...
 
Yes. One is the actual run key and the other is the actual software. That
is Windows Messenger. To disable totally:

Check for an option to not having the icon load in the System Tray via the
program(s) in question.

Other options for removal:

Go to Start/Run and type in: msconfig. Go to the Startup Tab and uncheck
accordingly. Then run this script to remove the disabled items from the
registry.

Clear Disabled Items from Msconfig Startup and Selective Startup (Line 148)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Or...remove the runkeys from here: Start/Run/Regedit

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You can also opt to going to Start/Control Panel/Add or Remove/Windows
Components and/or:

Disable/Remove Windows Messenger
http://www.dougknox.com/xp/utils/xp_mess_disable.htm

Added info:

Troubleshooting, Removing and/or Cleaning Add or Remove Programs
http://www.kellys-korner-xp.com/xp_a.htm#addremove

Troubleshooting the Notification Area
http://www.kellys-korner-xp.com/xp_n.htm#na

--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com



After ending the process in windows task manger, I'm puzzled as to why
msmsgs.exe keeps returning to the list of processes running in the
background? Is it normal to have two msmsgs.exe startup items in systems
configuration utility (MSCONFIG). One located in
HKCU\software\microsoft\windows\currentversion\run; and the other in
SOFTWARE\microsoft\windows\currentversion\run?
 
From: "hpum" <[email protected]>

| Hello David,
|
| I got as far as #3 of your instructions. After executing
| c:\sysclean\SYSCLEAN_FE.BAT, a window came up asking me to close all
| programs as the pc was about to restart. I never saw a menu option to choose
| safe mode. When I tried to open 'SYSCLEAN_FE Link' a command prompt window
| open momentarily with an error "Failed to find open script"

When the Sysclean Front End menu comes up, option "1" will reboot the PC. You may have hit
that inadvertantly.

As for clicking on the 'SYSCLEAN_FE Link', that error will show if you did not choose the
default (and hard coded) folder of c:\sysclean. However you indicated you executed
c:\sysclean\SYSCLEAN_FE.BAT which indicates otherwise. In that case, use the BAT file.
 
I could not find windows messenger (msmsgs.exe ) in the startup tab to uncheck
and disable.
 
Back
Top