Process Running i cant get rid of

[Mac10]

Ive tried everything possible to get rid of this process MSPCI.EXE with no luck. I got it to go away for awhile but it just comes right back after like 30 min. Its really screwing up my Computer can anyone help? Also theres this other process i cant get rid of too HWCLOCK.EXE Please Help http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/ph34r.gif\' class=\'bbc_emoticon\' alt=\':ph34r:\' />

[guestolo]

Hi Mac10, it may be best if you post a Hijackthis log

Please read this

[Guest]

That process showed up on my computer this week and I cannot get rid of it either.  What is iit!!!!

[Frank]

We are seeing this too. We think that it is a new virus. sdbot variant. If anyone has any ideas please post.

Thanks

[amateur]

Been busy trying to get rid of hwclock.exe now. Found by chance out that I could just move it to the desktop, reboot, and voila; gone! Don't know why, but it worked, and finally my computer is virus-free (I hope)

Good luck

[brad]

I ran msconfig, went to startup, and unchecked mspci.exe and something called 3yd.exe which may have had something to do with it. I DIDN't choose startup- because it came back when I did. I just applied the changes and hit the reset button.
Then I started up in safe mode with command prompt, found mspci.exe in windows\system32, and deleted it. Maybe you can do this in the regular safe mode, but this was easier for me.
Then I rebooted and it was gone. Still don't know how it got there.

[frank G.]

Hey ALL:
I also found mspci.exe last week in my laptop. My Norton antivirus program had expired and thought that was the reason I got it. So I cleaned the hard drive using the manufacture's CD'd; Reinstalled the drivers for my internal wireless card and as soon as I got to the internet, the process reapeared. I then deleted manually from safe mode and also deleted some pftp files that had zero bytes and were created in the same day I got the virus. Apparently it went away untill today when I try to connect to internet. The bastard is back!!!!!!

[junkit]

hi pple, i found and deleted this file,  "mspci.exe-1F90A180.pF" which was found in my windows prefetch folder" D:\Windows\Prefetch ".

i then ran windows in the safe mode, unchecked the mspci.exe under msconfig "startup"

I then deleted the relevant files that contains the mspci.exe under regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

and it works.

Hope this helps  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />

[Charlie]

mspci.exe is located in the c:\windows\system32 folder, but it's been tagged as a protected windows file so you need to go into your file view properties and uncheck the "hide protected windows files" box.  Then go into the system32 folder and delete the mspci.exe file.

This is a new variant of the sdbot virus, and neither CA nor Symantec antivirus programs, as of 4/5/05 are aware of it.  

Some more details:

http://www.malwareblog.com/?p=143

[Guest]

I don't know about the others, but hwclock.exe is fairly easy to get rid of. Restart windows in Safe Mode, then go to C:\Windows\system32 in My Computer. There will be a file called hwclock.exe. Delete this file and reboot. If you cannot find the file, go into Tools--> Folder Options --> View and make sure all hidden and protected files are visible.

I got this when I went on the internet without a firewall for a short period of time.