msserv.exe - Dangerous
msserv.exe
Manual removal instructions:
Antivirus Report of msserv.exe:
msserv.exe
I-Worm.Hadra
This is an Internet worm that spreads via e-mails being attached as an EXE file.
The worm copies itself to the Windows directory with the MSSERV.EXE name and registers that file in the Windows registry auto-run keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
msservice = %WinDir%\msserv.exe
The worm then stays in the Windows memory as a service, connects to MS Outlook and registers itself as MS Outlook "NewMail" and "ItemSend" events handler.
When a new mail has arrived, the worm looks as if it is its own message from another infected machine, and then deletes it.
When a message is being sent, the worm looks for already attached files, gets the first one, replaces it with its own copy with .EXE extenstion, and then sends it.
If the message has no attachment, the worm attaches itself with eight bytes of a random name and .EXE extenstion.
The worm disables several types of anti-virus protections, as well as immediately closes Registry editors upon their start-up.
Use RegRun Startup Opimizer for removal.
msserv.exe | Malware |
msserv.exe | Dangerous |
msserv.exe | High Risk |
This is an Internet worm that spreads via e-mails being attached as an EXE file.
The worm copies itself to the Windows directory with the MSSERV.EXE name and registers that file in the Windows registry auto-run keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
msservice = %WinDir%\msserv.exe
The worm then stays in the Windows memory as a service, connects to MS Outlook and registers itself as MS Outlook "NewMail" and "ItemSend" events handler.
When a new mail has arrived, the worm looks as if it is its own message from another infected machine, and then deletes it.
When a message is being sent, the worm looks for already attached files, gets the first one, replaces it with its own copy with .EXE extenstion, and then sends it.
If the message has no attachment, the worm attaches itself with eight bytes of a random name and .EXE extenstion.
The worm disables several types of anti-virus protections, as well as immediately closes Registry editors upon their start-up.
Use RegRun Startup Opimizer for removal.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.