Solved

mousebut.exe trojan?

Posted on 2004-03-23
5
493 Views
Last Modified: 2010-04-12
I have had two instances of people with this virus/trojan in the last week.

One on Win 98 was captured by Norton but left a reference to it in the win.ini on start-up. I removed the win.ini reference and all is OK

The other, today on Win 2000 Pro was captured by Norton, but Norton AV keeps picking it up and giving the user a message on the screen that it has found a trojan.

There is hardly any reference to it on the web, nothing on Symantec or MSKB, Sophos or Mcafee.

Anyone know about this?
0
Comment
Question by:gerlis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 11

Accepted Solution

by:
ghana earned 125 total points
ID: 10660827
I just found this URL:
http://www.mcse.ms/message433341.html

I would search the registry for mousebut.exe items and delete them as described.
0
 
LVL 4

Expert Comment

by:hawgpig
ID: 10677427
I have had this problem before....
Check to see if the hard drive is shared...
i.e. do you have a share allowed on the c: drive of the win 98 box...
If you do MAKE SURE YOU HAVE A GOOD PASSWORD.....
Do not allow a NO PASSWORD or SHORT WORD password
Some viruses will try to install themselves using vulnerabilities in the OS....
Make sure you have your OSes updated.......
I had a Client with the exact same problem.....
the issue was that they had shared the win 98 box c: drive without a password...
Check this see what happens...
also norton should note what virus it spots...
what is the name of the virus???

0
 
LVL 1

Author Comment

by:gerlis
ID: 10708121
I was able to see the problem first-hand today at this client

It had simply left the remnants of the virus (ie references to mousebut.exe) in about 3 placres in the registry. Norton's had actually successfully deleted the infected file itself. Once the values were removed from the registry, no more start-up message appeared.

It has nothign to do specifically with shares across a network, it is defined by Nortons as a rare trojan (maybe not so rare now, eh?). All viruses love networks and will rapidly spread across them, if they can.

In this instance I have to give the points to ghana as the soloution was a registry clean to remove the mousebut.exe references.

Thanks to all

Howard Gerlis
0
 
LVL 11

Expert Comment

by:ghana
ID: 10708188
Thanks. Glad we could help you.
0
 
LVL 1

Author Comment

by:gerlis
ID: 10708208
E-E help always appreciated.

I like to think I represent the UK section! I live in London.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question