Killav Trojan Advice Needed



#1 bluesjunior


Posted 23 March 2007 - 07:10 AM

A couple of weeks back my AVG Anti-Spyware found and quarantined a Trojan called KillAV. It was found in the following file.

C:\I386\MMSSETUP.CAB/msmsgsin.exe -> Trojan.KillAV : Cleaned with backup (quarantined)

At the time I did a Google search on it and found out that it destroyed audio/video on one's PC. I thought therefore that as it was a Trojan it was pointless leaving it in Quarantine and so I deleted it.

This morning I came across a post on this Trojan in the HiJack This forum and found out that it is in fact a false positive and I should in fact have restored it.

My question is: Is there an easy way to restore the file? Until now I haven't noticed anything out of the ordinary with the way my PC runs other than twice in the last couple of weeks when switching my monitor on I found that I had lost the flashing icon in my sign-in screen and couldn't sign in without first rebooting my PC. At that time I used to switch my monitor off at night but since I stopped switching it off and just left it on screensaver it hasn't happened again.

Thanks for any advice offered.
#2 fozzie


Posted 23 March 2007 - 09:25 AM

The easiest way would be to repair the install of Messenger by either re-installing it or first removing it and then re-installing it.

#3 quietman7


Posted 23 March 2007 - 09:50 PM

You still should have the msmsgs.exe file that's located in the C:\Program Files\Messenger folder. The file which you deleted was found and removed from the I386 folder, which holds the files used to install, repair, modify, update and rebuild Windows. The critical files in that folder are also located on your Windows XP installation CD if you have one.

When a program quarantines a file or moves it into a virus vault, that file is safely held there until you take action to delete it. The reason for doing this is to prevent deletion of an essential file that may have been flagged as a "false positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Thus, quarantine is just an added safety measure unless, as you have just learned, you delete them too quickly.