How to remove trojan
I have a Trojan Horse Downloader.Presario.A
found in C:/windows/system32/msCMTsrvc.exe
Can someone tell me how to remove it? It's dated 10/29/2002, just curious, is it possible this was on the comp when I bought it less than a year ago? I barely do anything on the internet with this comp, don't download, never give out info & usually get very little junk mail. I even delete forwarded mail from friends without reading it, so was really surprised to find I had my first virus ever! Thanks, Rara
The file name is illegal, I think (DO NOT delete it until I say TO, PLEASE), but need to find another way to search. So, IF I know whose AV you use, that is the best bet. This is not a common virus name at all, except for the Downloader part, and there are literally hundreds with that in it and I have been looking through virus name and symptom indexes for this name you gave me or any part of it. From the file date, this is very old -- but if the date is right something is very wrong. Knowing what program found it will let me find that AV mfr's database, if they have one. I would say to go to http://vil.nai.com/vil/default.asp and submit a copy of the file to them. You COULD also email a copy of it as an attachment to this email address, jdii1215 AT johndanielsonii.com (put the @ sign in instead of AT, remove spaces in email address), which is MINE, and I can see what Bitdefender on Linux here thinks of it and what F-Prot on XP thinks of it. I do not want millions of these submits, but I would like to know what is up with this file myself. Please do not PM me with this attachment.
John_D
How do I make a copy of file without causing a problem? Rara
Stop this service and delete the icon and any other traces of it. You should also be able to remove it from the WinXP startup by START>RUN type MSCONFIG and see if it is in the STARTUP tab.
Ok, you can do this:
Outlook Express, right??
Send an email to me at the email address given in last post. Click attach (paperclip icon on the OE symbols button thing called a toolbar) with the email writing thing still open. Send it. Then go to your sent email folder, delete what you just sent, then open the deleted items folder and delete it there. Then close Outlook Express. Then empty your recycle bin. I CAN tell you this, Grisoft's database for viruses cannot find it either, by that name. Grisoft makes AVG. I was looking there while you were replying here.
Tried to drag to recycle bin says:
Cannot delete msCMTsrvc: Access is denied.
Make sure the disk is not full or write-protected
and that the file is not currently in use.
My anti-virus program keeps popping up constantly while trying to do anything with it. Rara
Lots of hijackers do not run in safe mode. The things they depend on are off by default in an XP boot without networking. So, lots of things that the hijacker-removers kill can be removed by them easier with XP in safe mode and PHYSICALLY off the web while they are working.
Rara's file deleted fine in Safe Mode, not in normal mode.
If you have problems with a removal, try removing again, but in safe mode instead of in a normal boot mode. Just something to keep in mind. Actually for some of this junk, this is also true of every Windows from 98 SE and up through at least XP.
It's gotten so I clean boxes with modem or network cable UNPLUGGED, with boxes in safe mode without networking enabled. Some Windows versions just have no option for without or with networking, those actually default to not running network drivers usually unless something really very weird is going on.
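
The checks suggested in the thread (find the service, look at what the MSCONFIG Startup tab lists, then remove the file once nothing holds it open) can be scripted. This is an added example, not something posted by the thread's participants; it assumes Windows PowerShell 5.1 or later in an elevated prompt rather than the XP-era tools discussed above, and only the file name is taken from the thread.

```powershell
# Added example: find what launches a suspicious executable before removing it.
# The file name is from the thread; the rest is an assumption for illustration.
$target = 'msCMTsrvc.exe'
$path   = Join-Path $env:windir "System32\$target"

# 1. Record a hash and timestamps so the file can be looked up or reported
#    to an AV vendor without ever running it.
if (Test-Path -LiteralPath $path) {
    Get-FileHash -LiteralPath $path -Algorithm SHA256 | Format-List Path, Hash | Out-Host
    Get-Item -LiteralPath $path -Force |
        Format-List Length, CreationTime, LastWriteTime | Out-Host
} else {
    Write-Host "$path not found"
}

# 2. Services whose binary path points at the file (the "stop this service" step).
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like "*$target*" })
$services | Format-Table Name, State, StartMode, PathName -AutoSize | Out-Host

# 3. Run/RunOnce registry values that reference the file
#    (the entries the MSCONFIG Startup tab shows).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$target*" } |
        ForEach-Object {
            [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
        }
}
$startup | Format-Table -AutoSize | Out-Host

# 4. Stop and disable any matching service so the file is no longer in use.
#    An "Access is denied" on delete usually means a running process holds it.
foreach ($svc in $services) {
    Stop-Service -Name $svc.Name -Force -ErrorAction Continue
    Set-Service  -Name $svc.Name -StartupType Disabled
}
```

If the service cannot be stopped in a normal boot, the same script can be run from Safe Mode with the network cable unplugged, as described above.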