msconfig32.exe - Dangerous

msconfig32.exe

Manual removal instructions:

Antivirus Report of msconfig32.exe:
msconfig32.exe Malware
msconfig32.exeDangerous
msconfig32.exeHigh Risk
msconfig32.exe
W32.Tulu virus.

When W32.Tulu is executed, it attempts to copy itself as
%system%\Rundll32.exe
and
%windir%\Msconfig32.exe
where:
%windir% is C:\Windows or C:\Winnt
%system% is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Virus add the value:
shell %system%\rundll32.exe
to the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the worm runs each time that you start Windows.

Also creates the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Ktulu
This key is used by the macro component of the virus.

The virus next attempts to locate the Microsoft Word global template, Normal.dot.
If the virus finds the file, it infects the file with a macro virus. The only purpose of the macro virus is to execute the W32.Tulu virus.

The virus now stays memory resident. Every few minutes, it attempts to copy itself to drive A.

How to delete this virus:

1. Run a full system scan whit your antivirus tools.
If any files are detected as infected with W32.Tulu, click Delete.

For example, Symantec antivirus products detect this macro component as W97M.Tulu.
If any files are detected as infected with W97M.Tulu, click Repair.

2. Delete the value "shell" from the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Remove msconfig32.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.