ms16prn.exe - Dangerous
ms16prn.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Throd is a Trojan that allows a 'master' to use the zombie machine as a proxy server.
The Trojan copies itself into the Windows system folder under a name combined at random from several of the following parts:
ms, svc, win, 16, 32, 64, mes, prn, reg
For example: "ms16prn.exe".
To launch automatically at logon, the Trojan creates an entry in the system registry under:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
with one of the following names chosen at random:
MS Driver Management
Synchronization Messager
System Directory Service
System Service Control
Windows Messaging System
Throd then attempts to connect to several remote servers and pass on identifying information, including the IP address and so forth, to the virus coder.
Throd accepts commands from the remote 'master', collects email addresses from the MS Outlook address book into the mseml.dll file,
and uses HTTP commands to send them to the same remote sites.
Throd can install and launch random files on command.
Throd also works as a proxy server and is capable of accepting and sending any type of data.
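The file-name parts and Run entry names listed above can be turned into a quick triage check for autorun entries. The following is an added example, not part of the original page or the vendor's tooling; it assumes a dropped file name is two or more of the listed parts followed by ".exe", and the sample Run key contents are constructed.

```python
import ntpath
import re

# Indicators copied from the description above.
NAME_PARTS = ["ms", "svc", "win", "16", "32", "64", "mes", "prn", "reg"]
RUN_VALUE_NAMES = {
    "ms driver management", "synchronization messager",
    "system directory service", "system service control",
    "windows messaging system",
}
# Assumption: a dropped file name is two or more listed parts plus ".exe".
FILE_RE = re.compile(r"(?:%s){2,}\.exe" % "|".join(NAME_PARTS), re.I)
# Captures the executable path from a command line, quoted or not.
EXE_RE = re.compile(r'^\s*"?([^"]+?\.exe)', re.I)


def exe_basename(command):
    """Return the executable's file name from a Run-key command line."""
    m = EXE_RE.match(command)
    return ntpath.basename(m.group(1)) if m else ""


def check_entry(value_name, command):
    """Return the list of Throd indicators that one Run entry matches."""
    hits = []
    if value_name.strip().lower() in RUN_VALUE_NAMES:
        hits.append("run-value-name")
    if FILE_RE.fullmatch(exe_basename(command)):
        hits.append("file-name-pattern")
    return hits


def scan(entries):
    """Map each flagged value name to its indicators; skip clean entries."""
    return {n: h for n, c in entries.items() if (h := check_entry(n, c))}


# Constructed sample of HKCU\...\Run contents (not taken from a real host).
SAMPLE_RUN_KEY = {
    "System Service Control": r"C:\WINDOWS\system32\ms16prn.exe",
    "OneDrive": r'"C:\Users\user\AppData\Local\OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\WINDOWS\system32\winsvc32.exe -s",
    "Windows Messaging System": r"C:\Tools\notes.exe",
}

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_RUN_KEY).items():
        print(name, "->", ", ".join(hits))
```

An entry that matches both indicators is a strong lead; a single match, especially on the file-name pattern alone, needs manual review because short parts such as "win" and "32" also occur in legitimate names.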
Automatic removal:
Use RegRun Startup Optimizer to remove this worm.