Hello,

For some reason, last night (I just noticed this) there was an RPC error(where windows terminates "unexpectdly")... Well, I patched that up, but this was only the beginning of my problems. I hurried up and installed zone alarm. The overflow was coming from a program called msconfig32.exe. This program wasn't letting me use regedit/task manager/run/msconfig. I hurried up and used a 3rd party program to stop it, and then I found it and deleted it. (it was in the dir C:\windows\system32\). I deleted all the register keys that had it so msconfig32.exe started up at run, and did that in msconfig too.

but... When I restarted, so did my problems. It was doing the same thing as last time. I installed another virus scanner, which picked up 2 trojans, but they were allready distroyed and these had nothing to do with the problem I am having.

So then I surfed around here to see if anyone had some of the same problems. Well they did, but none of it helped. I tryed the online RAV scanner and a online trojan scanner and both didn't pick up anything.

This virus/trojan or whatever it is is really bothering me. I've googled for it, but it only returned a few results about TULU. Yet that isn't what it is. It didn't copy itself to some of the file names it should've..

Thanks,
Todd Mueller

First of all nice topic above!!!
I have kind of same problems, I cant access regedit,msconfig,task mannager. yet i didnt find the file msconfig32.exe in the folder u said (C:\windows\system32).
Why did u decide that it is the problem with msconfig32.exe, maybe it is something bigger, but definetly not the msconfig32.exe since i cant find it anywhere in my computer.

My bet extrinsik
It is Msconfig32.exe the problem. look at my task manager (i made a print screen prewiev and i spoted it since after 2 sec the task manager colses itself.)
http://www.geocities.com/uraver2002/s---.JPG
So what do i do next??? any ideas guys??

FOund it on desktop, but how do i delete it?????????? i cant and i tryed norton antivirus aswell and tweak xp file shredder too (((

Did u try SFC /Scannow???

You are infected with W32.Spybot.worm. Removal instructions here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Removal Instructions:

Boot into safe mode and click Start > Run > type command and click OK. Type the following and hit enter after each.

cd\
cd \windows
copy regedit.exe regedit.com
start regedit.com

Click the + next to the following keys.

HKEY_CURRENT_USER
Software
Microsoft
Windows
Current Version

Scroll down and right click on the RunOnce folder and click delete. Scroll up and click the - next to HKEY_CURRENT_USER.

Click the + next to the following keys.

HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
Current Version

Scroll down and click on the Run folder. In the right hand window, right click on MSCONFIG32.EXE and click delete.
Close regedit.

Find MSCONFIG32.EXE and delete it.

Reboot to Windows. Then go to http://www.dougknox.com. In the left pane click on 'WinXP fixes'. Then in the main window click on 'File association fixes'. Download and run the Exe file association fix.

msconfig32 is just infeceted and the hack/virus is
called webdav.exe with dcom.exe view message
5888 I hope I could be a bit of help

I've got the same problem, and I did exactly the same as extrinsic. The virus shutdown my computer, and infected the msconfig32.exe file. Msconfig32.exe attempts to access the internet about every ten seconds (I'm dial-up, so it asks what connection to use), and I get the message that me, or a one of my programs is attempting to access the website ryan19188.cjb.net. Is there anyway to find out what this website is?

I installed zonealarm, and downloaded rav, but just as in ex's situation rav didn't notice it.

According to TDS-3, the virus is called DDoS.RAT.SpyBot

I used numerous trojan hunters, but this was the only trojan hunter that found the virus.

if you haven't done this yet , please go to this website and apply Microsofts patch
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

heres what i had to do to rid my pc of this problem :
go to windows folder and find taskmgr.exe and make a copy of it. rename that copy to whatever you like and run it, the bug/virus won't catch it then. Take note as to what the file name of the virus is. Most of the time, it's running in the way bottom of the processes tab, just about system
zap it by highlighting it and pressing end process. Now, go to window\system32 and search for that file name you remembered from earlier. On my machine it was hidden, so make sure you have explorer set to show hidden files.

in my taskmgr.exe window it showed up as MSCONFIG32.EXE
some have said too look for these as well wincfg.exe and wincfg.src. These latter were not on my system.

I don't know if this was part of the trojan that was infecting my pc, but after deleting the MSCONFIG32.EXE file , I ran my updated virus scan,and then went browsing add/remove programs. I found something called mIRC installed there. I removed it and rebooted, my problem went away.

first,go to ur startup folder and delte any tftpxxx files or webdav files. then go to run and type cmd, then type tskill(space)msblast or msconfig32.exe, for me it was msblast. then u can hit ctrl alt delete and under processcess see if anything like msblast is running and delete it. then u need to go to ur c:\windows\system32 folder and delete msblast or msconfig32.exe out of there. then i would suggest gettin a firewall. i have norton personal firewall

"I found something called mIRC installed there. I removed it and rebooted, my problem went away. "

um mIRC is just an IRC client. it is not a virus.

I had this same problem. Task manager wouldn't stay up, and neither would regedit. Also, my computer was continually trying to connect to ryan1918.cjb.net or ryan19188.cjb.net. However, I found a series of files along with msconfig32.exe that also seemed to be associated with the virus - the Run and RunOnce registry keys listed one of these other files. They are in the System32 directory (for Windows XP) and have filename composed of randomly generated characters, such as "bsctkgonyx.exe" or "amkanizsvs.exe." There were exactly twenty such files, all of them modified on August 5. When I first found them, it was by doing a search for all files modified on that date, so you might be able to find them the same way. Removing the registry keys and deleting or renaming all these files solved the problem on my computer.

Working on user's home computer here at work. I found under safe mode with XP that the msconfig32 would still load and prevent access to regedit/task manager, etc. Even after doing the registry workaround (regedit.exe to regedit.com) and deleting the keys for Msconfig32, it would still load at startup. With it loaded and running, the computer wouldn't let me delete the file.

My workaround - I changed the extension of msconfig32 to .~xe and rebooted. The program did not load after this, and I once again had access to task manager et al. I could also successfully delete the file.

I had a similar problem, with Taskmgr, etc, not running, and thanks to Lrkskrn's advice above I have successfully removed the "virus".

For the info of those who might be interested, there was no trace of msconfig32.exe, but here is what RAV found:

C:\WINDOWS\system32\ecbaeq.scr->(ASPack 2.12) - Win32/HLLW.SpyBot -> Suspicious

C:\WINDOWS\system32\wincfgxxx.scr->(ASPack 2.12) - Win32/HLLW.SpyBot -> Suspicious.

Hope that is of some help to someone.

I followed "Lrkskrn's" advice...renaming taskmgr...running...removing suspicious processes...everything worked well once I removed "wosdusdp.exe" Didn't have wincfg.exe, wincfg.src, or msconfig32.exe listed.

wow what a freakin headache. I have msconfig32.exe identified "infected" by several virus scanners...als the 20 randomly generated files in windws/system32 eg. ajdghsdjnbsd.exe ... also msblast.exe (find and delete in startup folder and registry)...I also have mirc which I am sure was somehow involved because this virus allows the perpetrator backdoor access to your computer to share files n irc (internet relay chat) ... i also have the same problems with taskmanager/regedit/
run ...I have deleted registry items,20 random files (u can find by size 22Kb in system32 folder they are hidden) I am going t try copying and renaming taskmanager and also changing extention of msconfig32.exe.... the virus tries to spread by contacting ip addresses using a mathematical approach i read about , which is why it tries t access internet repeatedly to send those 20 random files.
I will submit a fllowup shortly. Peace

Hello,
I have read all your messages and need someone to help me. That message about ryan19188.cjb.net continually keeps popping up on my computer.
I am an old person and completely computer illerate. I do not understand all the computer lingo in the previous messages you have all written.
Would someone out there please email me with step by step (kindergarden computer)help on how to get this gosh darn thing off my computer? Sincerely Cyndi

About the task manager, everytime I wanna access my task manager, it would even pop out. I looked for msconfig32 or any other mentioned in this thread but with no luck.

I have access to regedit and msconfig but not task manager. My taskmgr.exe is not in my c:\windows. Is that the problem?

Also in the internet explorer, everytime I wanna see internet options, it always says I have no permission to access. But I can access it through control panel. Help