msgsrv.cxe - Dangerous
Manual removal instructions:
Antivirus Report of msgsrv.cxe:
Trojan.Wintrash is a Gentee installer which drops files that damage Windows.
It causes Windows to restart immediately each time you try to start it.
This Trojan also disables critical registry keys.
When Trojan.Wintrash runs, it performs the following actions:
Displays a black bitmap that masks the screen and the activities that the Trojan performs.
Restarts Windows.
Drops the following files: %Windir%\temp\chichie.cxe; %Windir%\temp\chidk.cxe; %Windir%\temp\winfd.cxe; %System%\msgsrv.cxe; %Windir%\xfwfm.cxe; Windows desktop\Wincfd
Changes the Value data of these registry keys to prevent you from editing the Windows registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Policies\System
to: "DisableRegistryTools"=dword:00000001
Adds the value: "MSGSRV" = "MSGSRV.CXE"
to these registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run
Creates the registry key: HKEY_CLASSES_ROOT\.cxe
with the value: "(Default)"="exefile"
so that the files that have the .cxe extension run as executables.
Changes the Value data of: HKEY_CLASSES_ROOT\.exe
to: "(Default)"="Htmlfi1e"
so that .exe files do not run, and the Trojan runs each time you try to run any .exe file.
Adds the values:
"NoRun" = dword:00000001
"NoDrives" = dword:00000001
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
This causes Windows to shut down immediately after starting and causes any Windows display of drive icons to not include any hard drives associated with the system. Data on the drives is not affected, only the way Windows is displayed. Drive information is still available from native DOS on Windows 95/98/Me.
Removal: Please manually delete all registry keys described above.
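To confirm which of the registry changes listed above are present before cleaning up, the following added example (not part of the original report) scans the text of a .reg export for them. The function names and the sample export are constructed for illustration, and it assumes the registry has already been exported to text.

```python
import re
CV = r"\Software\Microsoft\Windows\CurrentVersion"
# (key, value name, data) exactly as listed in the description above.
# "@" is how a .reg export writes the "(Default)" value.
INDICATORS = [
    ("HKEY_CURRENT_USER" + CV + r"\Policies\System", "DisableRegistryTools", "dword:00000001"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Policies\System",
     "DisableRegistryTools", "dword:00000001"),
    ("HKEY_LOCAL_MACHINE" + CV + r"\Run", "MSGSRV", "MSGSRV.CXE"),
    (r"HKEY_USERS\.Default" + CV + r"\Run", "MSGSRV", "MSGSRV.CXE"),
    (r"HKEY_CLASSES_ROOT\.cxe", "@", "exefile"),
    (r"HKEY_CLASSES_ROOT\.exe", "@", "Htmlfi1e"),
    ("HKEY_CURRENT_USER" + CV + r"\Policies\Explorer", "NoRun", "dword:00000001"),
    ("HKEY_CURRENT_USER" + CV + r"\Policies\Explorer", "NoDrives", "dword:00000001"),
]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Parse .reg export text into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = VALUE.match(line)
        if current is None or not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        if len(data) >= 2 and data[0] == data[-1] == '"':  # string data: unquote, unescape
            data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        current[name.strip('"').lower()] = data
    return keys

def find_indicators(text):
    """Return (key, value name, data) for every listed change found in the export."""
    keys = parse_reg(text)
    return [(k, n, keys[k.lower()][n.lower()]) for k, n, want in INDICATORS
            if keys.get(k.lower(), {}).get(n.lower(), "").lower() == want.lower()]

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r"""REGEDIT4
[HKEY_CLASSES_ROOT\.exe]
@="Htmlfi1e"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"msgsrv"="msgsrv.cxe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000001
"NoRun"=dword:00000000
"""
```

Key names, value names and data are compared case-insensitively, as the registry does. Exports in the "Windows Registry Editor Version 5.00" format are UTF-16 and must be decoded to text before being passed in.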
msgsrv.cxe | Malware |
msgsrv.cxe | Dangerous |
msgsrv.cxe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly if you have any questions.