
Ad virus causing continuous reboot


Name: misslair
Date: January 7, 2008 at 11:09:30 Pacific
OS: win2000sp4
CPU/Ram: intel pii/512mb
Product: home built
Comment:

My PC boots up past the login screen, goes through all startup procedures, then an ntvdm window pops up, changes to mustafx.exe, then another pops up that says mustafx2.exe, then a bunch of ads start popping up. Also a message pops up saying ntvdm has caused an illegal operation. It gives an error code, then the PC reboots. If I go into safe mode it will not reboot and does not run this stuff, but here's the big problem. I tried to install HijackThis, Spybot and Ad-Aware, but the PC won't run long enough to finish the installs. And none of them allows me to install from safe mode. I tried running safe mode w/ networking. When I go to the internet, it locks up. I don't know where to start! Any suggestions?





Response Number 1
Name: XpUser4Real
Date: January 7, 2008 at 12:23:10 Pacific
Reply:

Turn off automatically restart:
http://www.microsoft.com/windowsxp/...
and then post the EXACT error that comes up when it crashes.
That will give us an idea on how to help you.

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!


0

Response Number 2
Name: grneyes357
Date: January 7, 2008 at 14:54:30 Pacific
Reply:

I am having the exact same issue. I am using XP PRO. The same thing is happening and I cannot delete the mustafx.exe and mustafx2.exe. I'm lost. I did a rollback and it worked for 8-10 hours, and when I logged off it came back. I tried rolling back again and it would not work.

Grneyes357


0

Response Number 3
Name: Sojurner
Date: January 7, 2008 at 14:57:00 Pacific
Reply:

I just recently got the same thing on my computer at work. When it boots up it tries to load Mustafx.exe and Mustafx2.exe. Then it pops up a message about NTVDM encountered an illegal operation and is shutting down. Then about 30 secs later my PC reboots.

I would try and post more about the problem but my PC doesn't stay on long enough to get any more information.

I am using my home pc to figure out the problem.


0

Response Number 4
Name: thecompguys46580
Date: January 7, 2008 at 15:03:34 Pacific
Reply:

I just encountered this same issue on a client's PC. It seems to disable AVG anti-virus along with Spybot and Spyware Doctor (from Google). Ad-Aware wasn't affected by it, but nor did it fix the problem.



0

Response Number 5
Name: metalrob169
Date: January 7, 2008 at 18:02:06 Pacific
Reply:

I'm a computer tech full time and I saw 2 PCs with that on it today and didn't know what to do... all attempts at cleaning failed... any ideas?


0




Response Number 6
Name: XpUser4Real
Date: January 7, 2008 at 22:14:37 Pacific
Reply:

sounds like no-one believes in turning off automatically restart?

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!


0

Response Number 7
Name: suralaya
Date: January 7, 2008 at 22:44:37 Pacific
Reply:

Dear..

I am having the same problem also...
Can I delete the "mustafx.exe" from the sys32 folder?
Please...
All PC gurus & geniuses... please help us..!


0

Response Number 8
Name: btk1w1
Date: January 7, 2008 at 23:39:47 Pacific
Reply:

Hello all,

If you have long enough after your pc boots up try this prevent shutdown run command...

Click "Start" > "Run" and type in "shutdown -a" without the quotes ("). Note the space between shutdown and the minus sign.

This is typically an xp command code but I have seen it work on vista also.

It should prevent your pc from rebooting allowing you to run antivirus software, antispyware / adware software or download the program(s) you wish to run to try and clean the infection.

I hope this helps.



0

Response Number 9
Name: Chilliman
Date: January 8, 2008 at 00:22:00 Pacific
Reply:

Same problem here, will it help if I just reformatted the Pc?


0

Response Number 10
Name: Chilliman
Date: January 8, 2008 at 00:58:57 Pacific
Reply:

Hi there, Has anyone been able to find a cure yet?


0

Response Number 11
Name: grneyes357
Date: January 8, 2008 at 01:13:58 Pacific
Reply:

Not that we don't believe in turning off automatically restart. It's worth a try, but how do you delete the files and keep them from returning to resolve the problem?

Grneyes357


0

Response Number 12
Name: grneyes357
Date: January 8, 2008 at 01:19:52 Pacific
Reply:

Reformatting the drive and reloading your OS should fix the problem. But there's got to be a better way than having to reload all of your programs. A reload should be the final draw.

Grneyes357


0

Response Number 13
Name: btk1w1
Date: January 8, 2008 at 01:46:50 Pacific
Reply:

It seems after a search online that this particular piece of malware may be relatively new due to the lack of hits on a number of search engines and virus databases.

To advise on a definite generic removal process for an infection that is an unknown would be foolhardy.

At first glance the malware affects system files and shutdown procedures... this is indicative of the fact it basically hijacks a system and renders it useless beyond the user's control. A forced deletion might be the worst thing that could be done.

At second glance the malware may be memory resident also, due to the fact that in your first post, grneyes357, you mentioned that you "did a rollback and it worked for 8-10 hours and when I logged off it came back".

So you see this could get tricky.

If I was in this predicament I would,

(1) Prevent the reboot process
(2) Flush the restore points
(3) Run my cleaning program - ccleaner
(4) Update and run each of my anti-spyware and anti-adware programs in turn 1)superantispyware 2)spybot search and destroy 3)adaware
(5) Get avast to do a boot-time scan (this is my antivirus program)
(6) Turn on system restore and hope for improvement.
(7) Improvement pending, I would run a few online scans (with heuristic properties) to see if malicious script can be detected.

Basically I would do all this on my own system and keep my fingers crossed.


0

Response Number 14
Name: XpUser4Real
Date: January 8, 2008 at 03:08:46 Pacific
Reply:

misslair

>>>>>Also a message pops up saying ntvdm has caused an illegal operation. gives an error code, then the pc reboots.<<<<<
Turn off automatically restart

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!


0

Response Number 15
Name: Abnormal
Date: January 8, 2008 at 07:34:33 Pacific
Reply:

Do you know how or where you got it?

It would help others if we, the non-infected, could find the badly written code (file) and submit it.
http://www.virustotal.com/



0

Response Number 16
Name: cas72
Date: January 8, 2008 at 08:45:57 Pacific
Reply:

I have my nephew's laptop sitting here infected with the same thing. I submitted the files to virustotal.com and virusscan.jotti.org and neither comes up with anything.

I have managed to get the laptop to stop rebooting. Safe mode seems to work and doesn't cause a reboot.

I took a flash drive and downloaded a few cleanup apps (avast, vundofix, smitfraudfix, ATF cleaner, CCleaner, and Adaware) and was able to scan in safe mode.

Once I ran through those apps, I was able to boot up to the desktop in normal mode and it didn't reboot anymore. I still have the mustafx.exe and mustafx2.exe errors on the desktop, but it doesn't cause a reboot anymore. I manually searched the files, removed them (in safe mode and regular mode), and they recreate themselves on reboot.


0

Response Number 17
Name: misslair
Date: January 8, 2008 at 09:18:14 Pacific
Reply:

I have not had a chance to do anything since mine was actually my dad's pc. Going over today to try this. The other thing I saw in my searching around was that the mustafx.exe and mustafx2.exe are in the registry. Will give the exact registry key when I get home, but when deleted, they come back on next reboot, so it is definitely a virus. I just want to see what it does after I turn off auto restart. BSOD or anything would be better than I have now. Will report whatever I find. Thanks xpuser4real, for your quick response.


0

Response Number 18
Name: XpUser4Real
Date: January 8, 2008 at 10:25:51 Pacific
Reply:

You may have to turn off system restore, then delete the entries in the registry. Then if the entries are gone on reboot, turn restore back on.

If you can boot up into safe mode with networking, try an online scan with bit defender and see if it finds the problems.
See how you make out, there are more free scans listed in the red link in this post.
Let us know how you make out, thanks.


Some HELP in posting on Cnet plus free progs and instructions Glad to Help!


0

Response Number 19
Name: Sojurner
Date: January 8, 2008 at 13:01:43 Pacific
Reply:

Turning off automatic restart doesn't work for me. I checked it and it was already unchecked.


0

Response Number 20
Name: Johnw
Date: January 8, 2008 at 14:11:20 Pacific
Reply:

A google search shows that it has now been identified, here is the info.

mustafx
http://www.google.com.au/search?q=m...

Command: mustafx.exe
Description: Identified as a variant of the Trojan.Virantix.B malware.
File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category: O4 Entry
Note: %System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP and Vista.


0

Response Number 21
Name: grneyes357
Date: January 8, 2008 at 15:30:11 Pacific
Reply:

I got this from the CNET web site. I have not tried it, but I will tomorrow and let y'all know how it works. If it doesn't, a co-worker had this problem and he reformatted and reloaded and all is well. That will be my final move tomorrow if this fails.

Resolved - New!
by rcssuk - 1/8/08 1:16 PM
In reply to: Computer stopped working, Please HELP by Carlschillis

- go into safe mode F8 as pc boots
- Delete the mustafx and mustafx2 exe files in C:\windows and c:\windows\system32
- Open notepad and in the blank file you see click save as
- save as dummy1.txt in system32 folder
- save as dummy2.txt in system32 folder
- Explore to system32
- Make sure you can see hidden files and folders, file extensions and system files (Tools > Folder Options > View)
- Rename the two new files to mustafx.exe and mustafx2.exe
- Highlight them, select Properties and change to read-only and system files (now the virus cannot remove them)
- check msconfig for 3 files in Docs and settings/all users/startup/programs/startup for 3 other files you need to delete something like eyey.exe etc
- restart windows normally. Voila

GOOD LUCK fellow PC'ers

Grneyes357


0

Response Number 22
Name: misslair
Date: January 8, 2008 at 16:40:56 Pacific
Reply:

Okay here we go...I tried turning off auto restart. It did NOT work. I then went back into safe mode and did a search for all files created the day the problem started. The list was loooong. I then deleted the following: nzqf.exe, wnstssv32.exe, 9u5yt0rs.exe. Then I rebooted. It came up, still ran the mustafx and mustafx2 boxes, but didn't reboot itself anymore. Then I redid my search. smss.exe, lsass.exe, spoolsv.exe all in c:\program files. Deleted these. Also found a file called userinit.exe in c:\program files\symbols. Deleted. Found a file called kernel in c:\program files. Found kernInstall in c:\program files\temporary. Have never had avp. Also found a file called avp.exe in c:\winnt. Deleted all of the above. I mentioned earlier that mustafx.exe and mustafx2.exe are in a registry key. That is hkey_local_machine\software\microsoft\windows\current version\run. Also, of course I emptied all temp files and temporary internet files. Before I did all this I couldn't run any scans online. The minute I mentioned anti virus, my iexplorer locked up. Now I can scan. I started one, but had to leave, so will see results tomorrow. I am still getting the boxes as I said before, so still not fixed, but at least the reboot issue has been fixed. Good luck all....I will keep you informed on any new developments.


0

Response Number 23
Name: misslair
Date: January 8, 2008 at 16:48:57 Pacific
Reply:

I forgot to mention when I found the userinit.exe file, it was the first file I found created that day, so I highly suspect it is the original trigger file. It was also hidden, so if you don't show hidden files, you won't even see it.


0

Response Number 24
Name: grneyes357
Date: January 9, 2008 at 16:49:35 Pacific
Reply:

I tried my post Response Number 21 and it worked. The files are still in my msconfig, but no reboot.

Grneyes357


0

Response Number 25
Name: btk1w1
Date: January 9, 2008 at 23:04:00 Pacific
Reply:

grneyes357,

Have you considered using Hijackthis to clean up the invalid files?

Because you have come along so far with this it might be all that's needed now.

You can use this utility to scan and provide a logfile which you can submit for analysis.

If you decide to run the scan and use the "fix" option it provides be sure you are certain the entries are ones that you want to remove.

You can download HJT installer from here:

HiJackThis

Select "Do a system scan and save a logfile". This will not make any changes, it will simply provide a logfile that you can work from.

The contents of the notepad document can be copied and pasted for analysis here:

HiJackThis Logfile Analysis

You will get a summary of what's running on your system and from this you can make an educated assessment of what needs to be "fixed".

Please research all entries thoroughly before you choose to fix them if you decide to try this.


0
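Added example, not part of any poster's reply: a small Python triage of the O4 (autostart) lines in a saved HijackThis logfile, as mentioned in Responses 20 and 25. It flags the file names reported in this thread and Windows process names started from outside the system folder (as described in Response 22). The sample log is constructed, and the default system folder paths are an assumption.

```python
import ntpath
import re

# File names reported by posters in this thread.
THREAD_NAMES = {"mustafx.exe", "mustafx2.exe"}
# Windows process names that a poster found as copies outside the system folder.
SYSTEM_NAMES = {"smss.exe", "lsass.exe", "spoolsv.exe", "userinit.exe"}
# Assumed default system folders (XP/Vista and NT/2000).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}

# Registry autostart line:  O4 - HKLM\..\Run: [value name] command
O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
# Startup-folder line:      O4 - Global Startup: name.lnk = target
O4_DIR = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.+)$")

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [mustafx] C:\WINDOWS\system32\mustafx.exe
O4 - HKLM\..\Run: [mustafx2] C:\WINDOWS\system32\mustafx2.exe
O4 - HKLM\..\Run: [spooler] C:\Program Files\spoolsv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Helper.lnk = C:\Program Files\smss.exe
"""

def executable_path(command):
    """Return the executable part of an autostart command, lowercased."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|,|$)", command, re.I)
    return (m.group(1) if m else command).lower()

def review_o4(log_text):
    """Return (location, name, path, reason) for each O4 entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip()) or O4_DIR.match(line.strip())
        if not m:
            continue  # not an O4 autostart line
        location, name, command = m.groups()
        path = executable_path(command)
        folder, base = ntpath.split(path)
        if base in THREAD_NAMES:
            findings.append((location, name, path, "file name reported in this thread"))
        elif base in SYSTEM_NAMES and folder and folder not in SYSTEM_DIRS:
            findings.append((location, name, path,
                             "system process name outside the system folder"))
    return findings

if __name__ == "__main__":
    for finding in review_o4(SAMPLE_LOG):
        print(" | ".join(finding))
```

The script only reads the log text; any entry it lists still needs to be researched before it is fixed in HijackThis.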

Response Number 26
Name: moregrayhairs
Date: January 15, 2008 at 10:47:45 Pacific
Reply:

Thanks, btk1w1, your suggestion helped stop the auto reboot so I could investigate this problem.

Thanks also to grneyes357 for the suggestion on creating dummy files.

Since I have only seen this on my computer (WinXP Pro), my assumption is that each computer will be slightly different because I believe it depends on what programs you have installed.

The first culprit is the "beep.sys" file. It is a necessary file, but it has been overwritten by the trojan. It creates the "mustafx.exe" & "mustafx2.exe" files as well as a "murka.dat" file. All of these are located under the "Windows" and "Windows\System 32" folders - except for the "beep.sys" files. They are located under the "Windows\System 32\dllcache" and "Windows\System 32\drivers" folders, and they are identical files.

On my computer, I had the following programs hijacked (this is where my hijacked files could be different than yours):

navapw32.exe (Norton Antivirus)
zlclient.exe (ZoneAlarm)
amountain.exe (A Open mouse driver)
PsdrvCheck.exe (Pinnacle Systems)

It also created the folder "Program Files\Helper" and installed "Helper9.dll". Another thing it did was disable Norton Antivirus and ZoneAlarm. Even when I uninstalled and re-installed both programs, they wouldn't run. I had to replace the "beep.sys" file (in both folders) and remove the "mustafx" and "murka.dat" files.

I rebooted and all is now operating normally. The "mustafx" files have not returned and I have deleted all references to these including the dummy files. I also removed references in the Registry.

My suggestion would be to search for all files that were created or modified when you started experiencing the problem. Any normal ".exe" file that was hijacked will need to be replaced. Be very careful about deleting these executable files. Some of them may be Windows system files and the only way to get them back is to re-install Windows.

One other thing, I have a good copy of "beep.sys", but I'm not sure how to copy it to this forum. Also, I am not a programmer nor a power user. I'm just someone who is familiar with working on computers.

Good luck!


0

Response Number 27
Name: monouk
Date: February 1, 2008 at 14:05:27 Pacific
Reply:

Found this on a computer with other viruses too so I can't isolate it very well. However, I deleted beep.sys and the exe spawned 1 more time and stopped. To replace it:

Pop in your Windows disk (if it's an HP or Gateway you have to select manual install). At the first menu screen, hit R for Repair. Follow prompts to select your Windows install directory and enter your admin password (usually blank). At the prompt (C:\>) type the following:
*NOTE: replace [CD] with your cd drive letter (such as D:\blah...)

cd windows\system32\drivers
del beep.sys
expand [CD]:\i386\beep.sy_
(should say 1 file expanded)
cd ..
cd dllcache
del beep.sys
expand [CD]:\i386\beep.sy_
(1 file expanded again)
cd ..
del mustaf*.*
(should delete 2 files)
exit

Take out the Windows disk, restart the computer, and check your system32 directory for the mustafx files. If they still exist, delete them and restart - they should be gone!

Reinstall your antivirus/antispyware if needed and do a deep scan in safe mode with system restore disabled. I recommend AVG and AVG-AS.


0
