TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Mac10 on March 22, 2005, 09:57:46 AM

Title: Process Running i cant get rid of
Post by: Mac10 on March 22, 2005, 09:57:46 AM
I've tried everything possible to get rid of this process MSPCI.EXE with no luck. I got it to go away for a while but it just comes right back after like 30 min. It's really screwing up my computer, can anyone help? Also there's this other process I can't get rid of too, HWCLOCK.EXE. Please help :ph34r:
Title: Process Running i cant get rid of
Post by: guestolo on March 23, 2005, 12:07:23 AM
Hi Mac10, it may be best if you post a Hijackthis log

Please read this (http://www.thetechguide.com/forum/index.php?showtopic=14623)
Title: Process Running i cant get rid of
Post by: Guest on March 25, 2005, 11:37:21 AM
That process showed up on my computer this week and I cannot get rid of it either. What is it!!!!
Title: Process Running i cant get rid of
Post by: Frank on March 25, 2005, 04:17:50 PM
We are seeing this too. We think that it is a new virus. sdbot variant. If anyone has any ideas please post.

Thanks
Title: Process Running i cant get rid of
Post by: amateur on March 25, 2005, 09:24:11 PM
Been busy trying to get rid of hwclock.exe now. Found out by chance that I could just move it to the desktop, reboot, and voila; gone! Don't know why, but it worked, and finally my computer is virus-free (I hope)

Good luck
Title: Process Running i cant get rid of
Post by: brad on April 01, 2005, 02:15:54 PM
I ran msconfig, went to startup, and unchecked mspci.exe and something called 3yd.exe which may have had something to do with it. I DIDN'T choose startup- because it came back when I did. I just applied the changes and hit the reset button.
Then I started up in safe mode with command prompt, found mspci.exe in windows\system32, and deleted it. Maybe you can do this in the regular safe mode, but this was easier for me.
Then I rebooted and it was gone. Still don't know how it got there.
Title: Process Running i cant get rid of
Post by: frank G. on April 01, 2005, 07:57:17 PM
Hey ALL:
I also found mspci.exe last week on my laptop. My Norton antivirus program had expired and I thought that was the reason I got it. So I cleaned the hard drive using the manufacturer's CDs, reinstalled the drivers for my internal wireless card, and as soon as I got on the internet, the process reappeared. I then deleted it manually from safe mode and also deleted some pftp files that had zero bytes and were created on the same day I got the virus. Apparently it went away until today, when I tried to connect to the internet. The bastard is back!!!!!!
Title: Process Running i cant get rid of
Post by: junkit on April 03, 2005, 02:25:23 AM
Hi people, I found and deleted this file, "mspci.exe-1F90A180.pF", which was in my Windows prefetch folder "D:\Windows\Prefetch".

I then ran Windows in safe mode and unchecked mspci.exe under msconfig "startup".

I then deleted the relevant files that contain mspci.exe under regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

and it works.

Hope this helps :)
Title: Process Running i cant get rid of
Post by: Charlie on April 05, 2005, 10:40:21 AM
mspci.exe is located in the c:\windows\system32 folder, but it's been tagged as a protected windows file so you need to go into your file view properties and uncheck the "hide protected windows files" box.  Then go into the system32 folder and delete the mspci.exe file.

This is a new variant of the sdbot virus, and neither CA nor Symantec antivirus programs, as of 4/5/05 are aware of it.  

Some more details:

http://www.malwareblog.com/?p=143
Title: Process Running i cant get rid of
Post by: Guest on April 09, 2005, 11:05:19 PM
I don't know about the others, but hwclock.exe is fairly easy to get rid of. Restart windows in Safe Mode, then go to C:\Windows\system32 in My Computer. There will be a file called hwclock.exe. Delete this file and reboot. If you cannot find the file, go into Tools--> Folder Options --> View and make sure all hidden and protected files are visible.

I got this when I went on the internet without a firewall for a short period of time.
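
The checks described across the posts above (startup entries under the two registry keys, the hidden file in System32, and the Prefetch entry), collected into one read-only PowerShell script. This is an added example, not part of any post in the thread; it only reports and deletes nothing, and it assumes an elevated prompt with Windows installed under `$env:SystemRoot`.

```powershell
# Added example: read-only check for the artifacts named in this thread.
# Assumption: run from an elevated prompt (Prefetch is admin-only on current Windows).
$names = 'mspci.exe', 'hwclock.exe', '3yd.exe'   # file names taken from the posts

# Autostart keys listed in the thread (RunServices may not exist on newer Windows).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
# Properties PowerShell adds to every registry item; these are not autostart values.
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$findings = foreach ($name in $names) {
    # 1. Autostart values whose command line mentions the file name.
    foreach ($key in $runKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        $item.PSObject.Properties |
            Where-Object { $_.Name -notin $psMeta -and "$($_.Value)" -like "*$name*" } |
            ForEach-Object {
                [pscustomobject]@{ File = $name; Where = 'Autostart'; Detail = "$key -> $($_.Name) = $($_.Value)" }
            }
    }

    # 2. The file itself in System32. -Force is required because the posts report
    #    it is marked as a hidden/protected system file.
    $path = Join-Path $env:SystemRoot "System32\$name"
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        [pscustomobject]@{ File = $name; Where = 'System32'; Detail = "$path [$($file.Attributes)] SHA256=$hash" }
    }

    # 3. Prefetch entries: evidence the program has been executed on this machine.
    Get-ChildItem -Path (Join-Path $env:SystemRoot 'Prefetch') -Filter "$name-*.pf" -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ File = $name; Where = 'Prefetch'; Detail = "$($_.Name) last written $($_.LastWriteTime)" }
        }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No autostart value, System32 file or Prefetch entry matches the names checked.' }
```

A hit in the autostart keys with no matching file in System32, or the reverse, means an earlier cleanup was only partial.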