Musirc4.72.exe-virus keeps returning

By Senior Program Analyst

I am using version 7 of McAfee Antivirus on all my machines (updated DATs). It keeps locating a virus/worm file called musirc4.72.exe in the c:winnt/system32 directory. The message window states that it was deleted, and when I look for it I do not locate it, leading me to believe this is the case. The problem is that it keeps returning. I find that a small portion of my computers may see this several times a day (usually in the morning hours). Where is this coming into these systems from, and why are they being picked and not others with the same updates and programs installed? How do I stop this nuisance? I've been told this is the W32/RandBot virus by the McAfee program, but in my web searches it appears to be, or to be a variant of, the W32/randex.gen or musirc.71 virus. Any help is appreciated. As the I.T. for this location, I'm getting tired of the calls, and my users are tired of seeing this reappear.

by LMon In reply to Musirc4.72.exe-virus keep ...

If you are running XP on any of these machines, I would turn off System Restore before doing anything.

Then I would download stinger.exe, which should detect that and remove it.

Update Windows with all the updates.

Then update your virus scanner, run it, and see what happens.

Thanks LMon. I downloaded the latest Stinger and have run it on 1 machine, and so far it looks good. It did not find any virus when run, but I guess it modified/patched some port the virus was using. I just wish I knew which virus it was, since this is not the description, to my knowledge, of any of the 41 viruses Stinger works on. I'm going to leave the question open for now until I verify this worked, or in case someone else knows something. Thanks for the suggestion.

by RCOM In reply to Musirc4.72.exe-virus keep ...

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode.
Run a full system scan and delete all the files detected as W32.Randex.gen. Make sure all files are selected for scanning in virus software settings.
Reverse the changes that the worm made to the registry. Follow the instructions found online.

So far nothing I do on the systems appears to have any impact on this virus.
I have downloaded and run Stinger, updated with all the latest Windows 2000 patches, updated with all the latest Microsoft Office patches, and the virus DAT files are updated daily. For all viruses that seemed related to this file, I've searched the registry for the described elements but have not located any. Finally, I have asked my corporate IT to update the password on the Domain/guest account. I suspected it was using it to gain download rights to the PCs. Although I never heard anything back, it appears my calls on the subject have decreased, so maybe they did. I will be doing a random walk-through today to check some of the more affected systems. If they are still getting this, I will place a fake copy of the file (blank txt file) in the location with that filename and read-only protect it. That has worked on one system as a stop-gap method.
Thanks for the suggestions.

This question was closed by the author
