-
I have a persistent virus on local disk C which is detected by AVG, but it always keeps coming back after I delete it. It has the name Msets.exe, a trojan horse. I also discovered that every time I join Yahoo Messenger my PC keeps restarting. What is the best way to remove this, and where did it come from? Help me please.
-
Guest
Wow, it's like the Win32/cryptexe virus or w32 IRC-Bot gen: same symptoms.
Is your AVG updated? If your AVG couldn't manage it, scan it with an antispyware scanner if you have one (update it first),
or try KAV 7.0 and AVG Antispyware 7.5.
Other info here: http://spywarefiles.prevx.com/RRHDJE33541110/MSETSS.EXE.html
"Stars and the Sun"
-
My AVG is updated. I'll try what you recommend. I've tried PREVX but it couldn't find it. I'll tell you, I've reformatted my PC but still, I have seen msets.exe on C:. Thanks!
-
Administrator
Tell you what, upload the msets.exe to rapidshare or anywhere and give me the link. I'll run it on Sandboxie and see what it does.
-
Experienced User
First Disable system restore:
and scan with your AV or another program. I suggest checking the file online with many antiviruses.
Here is Ray's blog:
http://www.raymond.cc/blog/archives/2007/10/14/easily-scan-suspicious-file-with-20-malware-scanner/
OR
http://www.virustotal.com/
Here is what Ray is talking about:
http://www.raymond.cc/blog/archives/2007/11/02/how-to-investigate-suspicious-file-using-sandboxie/
My right to post information is protected under the constitutional rights for freedom.
-
Post a HijackThis log. There might be some other things that need to be cleaned.
-
http://rapidshare.com/files/81900924/msets.exe.html HI, RAYMOND, THIS IS THE LINK OF MSETS.EXE!!!
-
Administrator
putingcow, I've checked out the msets.exe.
It does the following:
Creates del.exe, delnew.exe, helper.exe, run.exe and nadlocop.exe in the C:\Windows\System folder.
It will run multiple instances of delnew.exe and nadlocop.exe.
nadlocop.exe will automatically run whenever you start up Windows. The location in the registry is hkey_local_machine\software\microsoft\windows\currentversion\run with the value Advanced DHTML Enable
I've created a simple batch file cleaner to do all the above. You can download the cleaner at http://www.raymond.cc/msetsclean.zip
It will also modify your HOSTS file to prevent you from visiting antivirus websites. You can clean your HOSTS file by downloading the file below.
http://www.funkytoad.com/download/HostsXpert.zip
Extract the file HostsXpert.exe to your Desktop and run it.
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
The weird part is, Kaspersky and Nod32 don't detect msets.exe as a virus. BitDefender is able to detect it. I am having a really good impression of BitDefender now. If possible, try to get hold of BitDefender to scan your computer.
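
Added example, not part of the post above or of the linked cleaner: a read-only PowerShell check for the three indicators the post lists (dropped files, the Run autostart value, and non-default HOSTS entries). It assumes "Advanced DHTML Enable" is the value name under the Run key and that the HOSTS file is at its standard Windows location; all variable names are illustrative.

```powershell
# Added example: reports indicators only; nothing is deleted or modified.
$findings = @()

# 1. Files the post says are created in C:\Windows\System
$systemDir = Join-Path $env:SystemRoot 'System'
$dropped   = 'del.exe', 'delnew.exe', 'helper.exe', 'run.exe', 'nadlocop.exe'
foreach ($name in $dropped) {
    $path = Join-Path $systemDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += "File present: $path"
    }
}

# 2. Autostart entry under HKLM ...\CurrentVersion\Run
#    (assumption: the name quoted in the post is the value name)
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Advanced DHTML Enable'
$run = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    $findings += "Run value '$valueName' -> $($run.$valueName)"
}

# 3. HOSTS entries other than localhost; the post says the file is modified
#    to block antivirus sites, so every extra mapping deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath -PathType Leaf) {
    foreach ($line in Get-Content -LiteralPath $hostsPath) {
        $entry = ($line -replace '#.*$', '').Trim()   # strip comments
        if (-not $entry) { continue }
        $fields = @($entry -split '\s+')
        if ($fields.Count -lt 2) { continue }          # malformed line
        $names = @($fields | Select-Object -Skip 1 |
                   Where-Object { $_ -ne 'localhost' })
        if ($names.Count -gt 0) {
            $findings += "HOSTS entry: $($fields[0]) -> $($names -join ', ')"
        }
    }
}

if ($findings.Count -eq 0) {
    'No indicators from the post were found.'
} else {
    $findings
}
```

Reading HKLM and the HOSTS file normally works without elevation; run it again after cleaning and after a reboot to confirm nothing has been recreated.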
-
Guest
Cheers, sir Raymond!
I'm using BitDefender as an on-demand scanner only. That's another punch by BitDefender (my resident AV is KAV 7.0).
-
Thanks a lot, Ray! I'll do what you told me.