January 11th, 2003, 11:29 AM
Hello everybody, i'm new around here.
Last month i scanned my computer for virii, and i found : mnsvcp.dll
But i can't delete the file! When i click on it and press DEL it says something like this: Can't delete mnsvcp.dll because it might be in use or something like that. So when i start my computer it says: virus found. Does anybody know how to get the thing of my harddisk?
Thanks a lot
January 11th, 2003, 11:58 AM
I tried searching norton's webpage, doing a google search, looking at the DLL database on MSDN, and checking sophos. all came back with nothing.
So i'm gonna need a bit more info, what virus did Norton say was infecting this DLL?
What OS are you running?
Can you check the spelling of the DLL name pls.
On a side note I used norton for about 6 months, and when i came to rebuild my machine put AVG on it, and found the machine to be riddled with redlof, so i'm not a huge fan of Norton. (and yes I updated the engine / dat files, every day or so)
January 11th, 2003, 12:26 PM
I'd recommend you read about this dll, look for it in another PC, and (if possible) replace it with a new one. If you are really sure it has a virus and won't damage your machine if you delete, then you can try erasing it through Dos or a Dos command
Besides, look the name od the virus Norton found within this file and look for a tool to remove it or read how to do it manually. You wouldn't have problems deleting the files this ways because the tools make the whole work for you.
January 11th, 2003, 12:50 PM
try using mcaffe if u can get ur hands on it that's good too.
January 11th, 2003, 03:31 PM
Hmm , I think you gotta find out what program is using that dll
than press ctrl-alt-del and end that program, then delete the file
or u can try it with norton commander, if u got it
January 11th, 2003, 03:36 PM
u mentioned mnsvcp.dll
i found some info about this: mnsvcsp.exe which is damn similar name lol which if course might a totally diff thing
" I have to tell you that you have a trojan virus, and he has been colection all the keys, passwords, credit card numbres( if you use them) and sent them via mail to the person who create it. This virus name is BKDR SCLOG20, and none of the antivirus that exist today except the pccilin detects it,www.trendmicro.com
If you dont have it, run the free trial they give you, is the only way to detect the files because if you look for them you will not find them, they are hidden.
The other possibility is erasing everything from the registry. If you ran the FIFA 2003 KEY G, the most sure is that you look in the REGEDIT for all the names that include mnsvcps and delete them.
Try aswell to install a firewall program like zone alarm, it will helping you blocking the activity that the virus generates. "
try some trojan specific detectors, also someone tried pcillin and it didnt see it.
am i allowed to post links to other sites here?
info was here >> http://miataru.computing.net/securit...orum/3454.html
+ here >> http://pub75.ezboard.com/fsimplesupp...icID=115.topic
January 11th, 2003, 04:36 PM
I've used Trend Micro PCcillin, switched to other brands, and keep going back to it and now have PCcillin2003 which comes with a kind of mickey mouse firewall that I don't recommend. By the way, if anybody has pccillin 2000 or 2002, they can get a free download upgrade to 2003. PCcillin just works on my machine and whenever I've gone back, I've found bugs that the others, including KAV, missed.
As for removing anything from the registry, speaking from experience and more than one disaster, be very careful. The suggestion that you get a good firewall with outbound as well as inbound is a good one. That way you can block anything you don't want leaving and be able to tell where it's going. ZA is good, as is Sygate and Kerio. Outpost is great unless you have a home network (it doesn't support ICS in its current version).
January 11th, 2003, 07:52 PM
By any chance are you using Win ME? Virii and trojans can sometimes get locked in the /RESTORE file. You have to disable the restore function if that is the case, download the fix tool for the virus and run it after you have disabled system restore. First find out what kind of virus is infecting your computer, as metioned already. Once you know that you can get the removal tool.
Right click on my computer, properties, performance, file system, troubleshooting, make sure that you have a checkmark beside disable system restore.
Hope this is of some help. Of course if you are not running Win ME it won't help.
January 12th, 2003, 01:32 AM
If it's a virii that loads itself in the system at startup, you may have to boot into safe mode, as I find this works with infected files that Norton can't delete itself and I usually don't have a problem deleting it then.
The internet has a wealth of information regarding specific virii removal, and it would be wise to check on that, as you may have edit some registry entries/autoexec.bat or whatnot depending on the damage it's already done.
January 13th, 2003, 02:05 AM
I'm new here, so please be patient with me all you vetrans. I finally had my first encounter with a virus, and had a problem similar to MetalMaggot's. Through my own carelessness, I downloaded the YAHA.K worm. It proceeded to shut down my Norton antivirus and firewall before I could do anything about it. To get rid of it, I was forced to go a free online virsus scan where I was able to determine the type of worm, and also the location of the "new files" and processes running on my PC. I was unable to delete the files. I kept getting a message telling me that the file was in use or something. Using cntrl alt delete did not help because the window showing the running processes disappeared almost immediately, and so, I was unable to end the processes. I had Norton Utilities on a CD which contained a process viewer. Thankfully, it worked, and I was able to shut down the offending processes, and delete the files. Interestingly enough, I re-scanned a second time and found some other residual "garbage." After the third scan, all was clean, (at least I hope so). The final hurdle was restoring the registry back to its original state. I was unable to use programs with an .exe extention. For anyone interested, the site I went to was: http://www.trendmicro.com/en/home/us/enterprise.htm
You can scan for and get information on any virus, (including how to get rid of it).