msfsr.sys - Dangerous
%sysdir%\msfsr.sys
Manual removal instructions:
Antivirus Report of %sysdir%\msfsr.sys:
%sysdir%\msfsr.sys
msfsr.sys is rootkit W32/Piggi-A.
msfsr.sys is used to hide files, processes and registry.
msfsr.sy sis a kernel mode rootkit.
msfsr.sys spreads by e-mail and via open network shares.
msfsr.sys tries to terminate antiviral programs installed on a user computer.
Related files:
%WinDir\lsass.exe
%Program Files%\Internet Explorer\iexplore.exe
%SysDir%\dllcache\svchost.exe
%WinDir%\svchost.exe
%System%\drivers\.sys
%System%\msfsr.sys
\zyxwvuts.log
msfsr.sys is created new system drivers:
service name: " msfsr"
display name: " msfsr"
Added to registry:
HKLM\SYSTEM\CurrentControlSet\Services\msfsr
Adds the value:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe %WindDir%\lsass.exe
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Start
3
to the Windows startup registry keys.
Added to registry:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy
StandardProfile\AuthorizedApplications\List
\:*:enabled:@xpsp2res.dll,-22019
| %sysdir%\msfsr.sys | Malware |
| %sysdir%\msfsr.sys | Dangerous |
| %sysdir%\msfsr.sys | High Risk |
msfsr.sys is used to hide files, processes and registry.
msfsr.sy sis a kernel mode rootkit.
msfsr.sys spreads by e-mail and via open network shares.
msfsr.sys tries to terminate antiviral programs installed on a user computer.
Related files:
%WinDir\lsass.exe
%Program Files%\Internet Explorer\iexplore.exe
%SysDir%\dllcache\svchost.exe
%WinDir%\svchost.exe
%System%\drivers\
%System%\msfsr.sys
\zyxwvuts.log
msfsr.sys is created new system drivers:
service name: " msfsr"
display name: " msfsr"
Added to registry:
HKLM\SYSTEM\CurrentControlSet\Services\msfsr
Adds the value:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe %WindDir%\lsass.exe
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Start
3
to the Windows startup registry keys.
Added to registry:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy
StandardProfile\AuthorizedApplications\List
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.