[access-uk] Re: Help with a virus please

  • From: "Amro Bilal" <amro_bilal@xxxxxxx>
  • To: <access-uk@xxxxxxxxxxxxx>
  • Date: Thu, 2 Nov 2006 12:55:36 -0000

Thanks a ton Chris, Barry and Kapre for your help. I located the file msn.exe, deleted it and after a restart I didn't get any warnings! I'll run deep scans with NOD32 and Ad-Aware later on to make sure that all is clear; but so far so good!


Thanks once again.
Amro
----- Original Message -----
From: "Christopher Hallsworth" <chrishallsworth@xxxxxxxxxxxxxx>
To: <access-uk@xxxxxxxxxxxxx>
Sent: Wednesday, November 01, 2006 11:57 PM
Subject: [access-uk] Re: Help with a virus please


This has obviously caused a spark, <smiles>. Msn.exe? Hmm, could be that
awful Messenger Plus! again. First, delete the msn.exe if you can. If
not, remove Messenger Plus! if you have it, and see if Nod32 still
detects it. If not, then you're good to go. I wish you the best of luck
in removing this nasty piece of work.
On Wed, 1 Nov 2006 22:52:04 -0000, "Amro Bilal" <amro_bilal@xxxxxxx>
said:
Hi everyone,

I have a trojan that I can't get rid of. For a couple of days, every time I
start my computer NOD32 displays the following message

"Event occurred on a new file created by the application:
C:\WINDOWS\system32\msn.exe. The file was moved to quarantine. You may
close this window."

And I get a NOD32 virus alert message in my inbox that says

"C:\WINDOWS\system32\hook.dll is infected with Win32/Spy.BZub.NBD
trojan."

Despite running, more than once, with system restore turned off, deep
scans with NOD32 and Ad-Aware, my computer is still infected. Ad-Aware is
still showing at least one object "MRU List (x) objects".

I don't know what I can do next now, and why NOD32 can't remove what
keeps creating the file that is infected with the Win32 virus when my
computer starts, even though during the deep scan it found about three
threats and dealt with them.

I'd very much appreciate any advice on what I can do next to cure my sick
machine as I'm getting sick of this lurking nasty!

Thanks in anticipation,
Amro
--
 Christopher Hallsworth
 chrishallsworth@xxxxxxxxxxxxxx

** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq



