|
Indoctrination
This trojan is another email password sending trojan , it sends cached and recorded passwords to the hackers email address , also can send system information etc .
It is pretty hard to remove but it isn't impossible , the reason for it being so difficult to remove is that it makes 5 different registry entries which each have to be removed before the trojan is fully removed from the infected system .
To remove this trojan follow these steps :
Click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree on the left hand panel. Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Click on 'Run' and the right-hand panel will change. Look for the first item titled: Msgsrv16 ="Msgsrv16"
Right click on Msgsrv16 and choose Delete.
Next, repeat with the following key paths:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Each will contain the same Msgsrv16 ="Msgsrv16" line, which you should delete from each.
Close regedit and reboot your PC to remove the trojan from memory.
After the reboot, use Windows Explorer to delete the trojan file at:
C:\windows\system\msgserv16.exe
Don't delete msgsrv32.exe as this is a true windows program.
|
|
