msgran.exe - Dangerous
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect or fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
The worm does the following:
Downloads the Trojan proxy, Backdoor.Ranck, from a hard-coded URL, copies it to C:\winnt\Mh.exe, and then executes it.
Registers itself as a service process on Windows 95/98/Me systems to hide itself from the task list.
Calculates a random IP address.
Enumerates the users on the remote server and then attempts to connect using these usernames with a blank password.
Copies itself to \\
Remotely schedules a task to run the worm on the newly infected computer.
To remove it from the autorun section, navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Messenger start-up"="Msgran.exe"
Use RegRun Startup Optimizer to automatically remove it.
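The manual steps above as a PowerShell check, added here as an example and not part of the original page or of RegRun's tooling; the function name Remove-MsgranAutorun and the output field names are assumptions. It removes the Run value only when its data names Msgran.exe, and reports (without deleting) the C:\winnt\Mh.exe file the page says the worm downloads.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Function name and result field names are assumptions, not from the page.
function Remove-MsgranAutorun {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        [string]$ValueName = 'Messenger start-up',
        [string]$Dropped   = 'C:\winnt\Mh.exe'
    )

    $result = [ordered]@{
        RunValueFound   = $false
        RunValueData    = $null
        RunValueRemoved = $false
        DroppedFile     = $null
        DroppedSha256   = $null
    }

    # Read the Run key once; a missing key or value is not an error.
    $props = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $ValueName)) {
        $data = [string]$props.$ValueName
        $result.RunValueFound = $true
        $result.RunValueData  = $data

        # Delete only when the data points at Msgran.exe, as listed on the page.
        # A value with the same name but different data is reported and left alone.
        if ($data -match '(?i)msgran\.exe') {
            if ($PSCmdlet.ShouldProcess("$RunKey\$ValueName", 'Remove autorun value')) {
                Remove-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction Stop
                $result.RunValueRemoved = $true
            }
        }
    }

    # Record the downloaded file for the incident notes; hash it, do not delete it.
    if (Test-Path -LiteralPath $Dropped -PathType Leaf) {
        $result.DroppedFile   = $Dropped
        $result.DroppedSha256 = (Get-FileHash -LiteralPath $Dropped -Algorithm SHA256).Hash
    }

    [pscustomobject]$result
}

# Dry run first: shows what would be removed without changing the registry.
Remove-MsgranAutorun -WhatIf
```

Drop `-WhatIf` to perform the removal; PowerShell then asks for confirmation before deleting the value.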