msserv.exe - Dangerous


Jeff's Story:

My PC had gotten a bad rootkit that my ISP's antivirus software (powered by McAfee) could neither detect nor fix.

I sought a solution on the Internet and discovered your product and tried out the trial.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.

Manual removal instructions:

msserv.exe
I-Worm.Hadra
This is an Internet worm that spreads via e-mail as an attached EXE file.
The worm copies itself to the Windows directory under the name MSSERV.EXE and registers that file in the Windows registry auto-run keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

The registered value is:

msservice = %WinDir%\msserv.exe

The worm then stays resident in Windows memory as a service, connects to MS Outlook, and registers itself as the handler for the MS Outlook "NewMail" and "ItemSend" events.
When new mail arrives, the worm checks whether it is its own message from another infected machine, and then deletes it.
When a message is being sent, the worm looks for files already attached, takes the first one, replaces it with a copy of itself with an .EXE extension, and then sends the message.
If the message has no attachment, the worm attaches itself under a random eight-byte name with an .EXE extension.
The worm disables several types of anti-virus protection and immediately closes Registry editors when they start up.
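
The registry indicators listed above can be checked offline against a text export of the registry. The following Python example is an added illustration, not part of the original description or of the RegRun product; it assumes the export has already been decoded to text, and the function name and the sample export are constructed for this example.

```python
import ntpath
import re

# Indicators taken from the description above; key names compare case-insensitively.
RUN_KEYS = {k.lower() for k in (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
)}
VALUE_NAME, FILE_NAME = "msservice", "msserv.exe"
SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(text):
    # .reg exports escape backslashes and quotes inside strings with a backslash
    return re.sub(r"\\(.)", r"\1", text)

def find_hadra_autoruns(reg_text):
    """Return (key, value name, data, name_match, file_match) for matching auto-run entries."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = STRING_VALUE.match(line)
        if not value or key is None or key.lower() not in RUN_KEYS:
            continue  # not a string value, or not under one of the four auto-run keys
        name, data = _unescape(value.group(1)), _unescape(value.group(2))
        cmd = data.strip()  # first token is the program; a quoted path may contain spaces
        exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]
        by_name = name.lower() == VALUE_NAME
        by_file = ntpath.basename(exe).lower() == FILE_NAME
        if by_name or by_file:
            hits.append((key, name, data, by_name, by_file))
    return hits

# Constructed sample export, not taken from a real machine
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"msservice"="C:\\WINDOWS\\msserv.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Updater"="\"C:\\WINDOWS\\MSSERV.EXE\" /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"msservice"="C:\\WINDOWS\\msserv.exe"
'''
```

An entry is reported when either the value name or the target file name matches, so a copy registered under a different value name is still flagged, while values outside the four auto-run keys are ignored.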

Use RegRun Startup Optimizer for removal.
