Downloader MSCache



#1 resiak (Member, 8 posts)

Posted 29 July 2004 - 07:34 PM

I am using Symantec's MScache removal instructions to remove the trojan. It tells me to open windows/mslog.tmp to get the value of random_reg_name so I can delete the registry key. The only problem is, I don't have the mslog.tmp on my computer.

Could it have a different file name? Is there any other way to find out the name of the subkey that I need to delete?

Symantec's instructions say that when the trojan is executed it adds the following registry keys:

q1
q2
q3
q4
q5
q6
q7
q8
q8
q10
installed

to HKLM\SOFTWARE\Microsoft\[random_reg_name]

I tried using 'find' in the registry editor to find one of the registry keys that the trojan adds. Couldn't find any of them.

Anyone have any ideas?

Thanks in advance.
Resiak

Edited by resiak, 29 July 2004 - 08:38 PM.


#2 Trilobite (Malware Hunter, Trusted Advisor, 711 posts)

Posted 30 July 2004 - 09:30 AM

The file might be hidden or classified as a system file.
Set your computer to show hidden files.
You may also want to use the search function on the start menu to find the file.

#3 resiak (Member, 8 posts)

Posted 01 August 2004 - 12:21 AM

Thanks for the reply. But I already set my comp to show all files. I also used the search function. The file just isn't on my comp.
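
One way to look for the randomly named subkey when mslog.tmp is missing, as an added example that is not part of the original thread or of Symantec's instructions: a read-only PowerShell scan of the subkeys under HKLM\SOFTWARE\Microsoft for the names listed in the first post. The function name, the match threshold, the inclusion of q9 and the WOW6432Node path are assumptions.

```powershell
# Added example: read-only scan, deletes nothing.
# Names as listed in the first post. The post shows q8 twice and no q9;
# including q9 here is an assumption.
$MarkerNames = @('q1','q2','q3','q4','q5','q6','q7','q8','q9','q10','installed')

function Find-MarkerSubkey {          # hypothetical helper name
    param(
        # Second path is an assumption: the 32-bit registry view on 64-bit Windows.
        [string[]]$BasePath = @('HKLM:\SOFTWARE\Microsoft',
                                'HKLM:\SOFTWARE\WOW6432Node\Microsoft'),
        [string[]]$Names    = $MarkerNames,
        [int]$MinMatches    = 8       # assumed threshold, tolerates a few missing names
    )
    foreach ($base in $BasePath) {
        if (-not (Test-Path -LiteralPath $base)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
            try {
                # The post calls the entries "registry keys", so compare against
                # both the value names and the child subkey names of each candidate.
                $present = @($key.GetValueNames()) + @($key.GetSubKeyNames())
            } catch {
                Write-Warning "Cannot read $($key.Name): $($_.Exception.Message)"
                continue
            }
            # -contains is case-insensitive, like registry names
            $hits = @($Names | Where-Object { $present -contains $_ })
            if ($hits.Count -ge $MinMatches) {
                [pscustomobject]@{
                    Key        = $key.Name
                    MatchCount = $hits.Count
                    Matched    = $hits -join ', '
                }
            }
        }
    }
}

# Run from an elevated prompt so protected keys are readable.
Find-MarkerSubkey | Format-List
```

No output means no subkey held at least eight of the names; any key it does report should be reviewed by hand in the registry editor before it is deleted.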



