tonyadam🇺🇸

MSCache virus
I'm trying to help an inexperienced neighbor with a big-time problem. Her Outlook Express would not execute anymore, so she asked me for help. The first thing I did was to check her Norton data and found that she let her Norton subscription expire and apparently has picked up several viruses. After getting her subscription renewed online, I did a Live Update and then did a full scan. Sixteen viruses were detected. Norton eliminated some and recommended that we quarantine those that could not be eliminated. We followed the instructions... quarantine and then delete. However, one file could not be deleted. Additional instructions about what to do with this file, which is named "psxumfoo.exe" with a virus name of DOWNLOADER.MScache, are offered in the Norton information area, but we have been unable to identify the "browser helper object" and its location, which is one of the steps to eliminate this virus. Norton suggests that it is installed as a DLL file with a randomly assigned file name, with very little help in actually locating the file so that it can be unregistered.

Since I was unable to identify this file and unregister it according to the instructions, I then attempted to delete the psxumfoo.exe file, but the system denies access to the file. I really don't know how to eliminate this virus. Norton's instructions are very vague regarding "unregistering the browser helper object". Can someone please help me find a way to eliminate this virus? Thanks.



SOLUTION
stevenlewis


tonyadam🇺🇸

ASKER

Sorry, I know better than to not tell you the OS. It is XP Home. Regarding identifying the DLL... firstly, I have not been able to locate any file MSCACHE.*. The only file remaining that Norton could not quarantine or delete is identified as PSXUMFOO.EXE under the heading of ITEM. Then there is a Norton heading called VIRUS Name and under that it identifies this as DOWNLOADER.MSCACHE with a comment "REPAIR FAILED". When clicking on more information, it provides the object name (I assume psxumfoo.exe) in C:\WINNT\PSXUMFOO.EXE. I can find that file but cannot delete it, with the error message "Access denied". Is access denied because it is in use somewhere? Will attempting to delete this in safe mode do the trick?

You also recommend searching for a DLL that is 36864. Norton suggests looking for a file that is either 122880 or 131072. I did find 4 files in C:\WINNT\SYSTEM32. They were dsprop.dll, dssent.dll and odbcconf.dll that fit the 122880 and 131072 parameter. However, I did not do anything yet with these files. Where are most of these DLLs located? I use Explorer and I've checked to be sure that all hidden files are also listed. I've seen references in web-based stuff to look at the WINDOWS directory, but on this system there is nothing in the WINDOWS directory except a subfolder called SYSTEM and under that there is nothing. Once I find where the DLLs are stored, I'm sure I'll find 100s or thousands. Is there a way to sort by file size to identify the culprit? What is most confusing is that Norton's info specifically speaks to a DLL file but the one detected is a .EXE file. I'm assuming that if I can get rid of it, then we should be OK, but it just doesn't match up with the Norton removal instructions, particularly where they recommend UNREGISTERING the DLL.

>>Will attempting to delete this in safe mode do the trick
Yes, it should.

http://securityresponse.symantec.com/avcenter/venc/data/downloader.mscache.html
This is where I got the size of the DLL:
"A randomly named .dll file, which is 36864 bytes in size. This component has been distributed as a .cab archive with a random file name. The archive contains the .dll and a .inf file, with matching random file names. When loaded, the .dll downloads the file, Randomiser.exe"

This is the DLL that loads the virus.
The other ones are the virus; if you don't get rid of the first, it will re-infect. If Norton has found and eliminated this one, then you just need to clean up the virus with no worry about re-infection.
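
Added example (not part of the original thread or of Norton's instructions): one way to answer the asker's "sort by file size" question is to walk a directory and list only the `.dll` files whose byte size equals one of the sizes quoted above, newest first. The function names and the sample file names are assumptions made for illustration; the sample tree is constructed and stands in for `C:\WINNT\SYSTEM32`.

```python
import os
import tempfile

# Sizes quoted in the thread: 36864 (Symantec write-up), 122880 / 131072 (Norton's note).
SUSPECT_SIZES = {36864, 122880, 131072}


def find_dlls_by_size(root, sizes=SUSPECT_SIZES):
    """Return (matches, unreadable). matches holds (path, size, mtime) for every
    .dll under root whose byte size is in `sizes`, most recently modified first."""
    matches, unreadable = [], []
    # onerror records directories that could not be listed instead of skipping them silently
    for dirpath, _dirs, files in os.walk(
        root, onerror=lambda err: unreadable.append(err.filename)
    ):
        for name in files:
            if not name.lower().endswith(".dll"):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                # e.g. "Access denied" on a file that is locked or protected
                unreadable.append(path)
                continue
            if st.st_size in sizes:
                matches.append((path, st.st_size, st.st_mtime))
    matches.sort(key=lambda m: m[2], reverse=True)
    return matches, unreadable


def demo():
    """Build a constructed sample tree (made-up file names) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        sample = {"qzxvbn.dll": 36864, "odbcconf.dll": 122880,
                  "notes.txt": 36864, "big.DLL": 200000}
        for name, size in sample.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * size)
        matches, unreadable = find_dlls_by_size(root)
        return sorted((os.path.basename(p), s) for p, s, _ in matches), unreadable


if __name__ == "__main__":
    print(demo())
```

A size match is only a lead, since legitimate system DLLs can share these sizes; confirm a candidate with the scanner before unregistering or deleting it.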

tonyadam🇺🇸

ASKER

After running Norton in Safe Mode, I was able to quarantine the infected file. I then installed 26 critical updates which fixed the Outlook Express (original problem), ran a scan again under Safe Mode and Norton detected 0 viruses. I am going to consider this one fixed. Thanks again for all of your help. It took about 5 or 6 hours to get this done but I know my neighbor is very appreciative.


Glad you got it fixed for them!