Malware Help

m0zZy · Jan 5, 2009

Well i have a question for TimW. I have had the same Trojan( Msddll.exe and VMwareservice.exe) on my network @ work and we has isolated it and whats not but there is still some cases where msddll.exe and WMwareservice.exe is still running i have found that the best way for a quick fix is to run services.msc and then navigate to the 2 services and edit the properties and Disable them and then change all 3 options to Take No Action. I was wondering if u could assist me in writing a global policy script or bat file to do this with out having to manually do this i would just implement it into the login script and force it to run. Thanks in advance.

chaslang · Jan 9, 2009

Welcome Major Geeks!

First you really should run our cleaning procedure so we can see all the info as you may not be reporting everything. The proper course of action is to remove the malware completely. Not just try to mask it.

Second VMwareservice.exe is not malware. You have VMWare installed to make virtual machines. See http://www.vmware.com/

As far as the msdll.exe service, it can show up with other bad services and also other malware. Since I don't know exactly what you have since you have not given us info we need from our cleaning procecdure, I don' t know which ones you have. You could put the below into a batch file and run this when you startup.

sc stop msddll
sc stop SVCHOSTS32
sc stop WinHost32Svr
sc delete msddll
sc delete SVCHOSTS32
sc delete WinHost32Svr
del /q %windir%\system\msddll.exe
del /q %windir%\system\svchost.exe
del /q %windir%\security\svchost.exe

Log in or Sign up

Malware Help

m0zZy Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member