Quizzes & Puzzles0 min ago
MSlti64.exe
Answers
No best answer has yet been selected by carlos. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.
I found this about the virus at http://www.greatis.com/appdata/dm.htm. don't know if it fives any extra info.
mslti64.exe
W32/Agobot-LZ is an IRC backdoor Trojan and network worm.
It is capable of spreading to computers on the local network protected by weak passwords.
It copies itself to the Windows system folder as MSLTI64.EXE and creates the following registry entries to run itself on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Video Process
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Video Process
The Trojan runs continuously in the background as a service process, providing backdoor access to the computer.
Also modifies the HOSTS file located at %WINDOWS%\System32\Drivers\etc\HOSTS, mapping selected anti-virus websites to the loopback address 127.0.0.1
The worm may also terminate and disable various anti-virus and security-related programs and may delete network shares.
Automatic Removal: Use RegRun Startup Optimizer to remove it from startup.
Looks like regrun is their virus protection system (I thought it might have been an XP tool - I'm still on 2000)
Here are some suggestions which might help -
Check your hosts file for the entry shown in the previous message. Also check the services in control panel (probably under administrative tools).
Locate the process in the services. If the name is not obvious then you will need to right click any entries that you are unsure of and check the path to the executable for each one till you find a match.
When you find a match press the stop button to stop the process. and set the startup type to disabled.
When the service is stopped I think you should be able to delete the executable.
Recheck the registry entries too.
Related Questions
Sorry, we can't find any related questions. Try using the search bar at the top of the page to search for some keywords, or choose a topic and submit your own question.