Every time I boot up I get this message: Cannot find the file 'MSREXE.exe' or one of its components. I recently deleted some files because they were detected as a trojan and Norton Antivirus couldn't fix them. If this is a main file I need, can someone email it to me?

Got yourself a little trojan, did ya?
It's called Subseven and is fairly easy to get rid of.
And get yourself some good antivirus and trojan software.
Larry
On the Windows taskbar, click Start and then Run.
Type regedit (for W9x) or regedt32 (for Windows NT), enter
Modify the following Registry value, key:
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
HKEY_CLASSES_ROOT\exefile\shell\open\command\
In this key it should contain only this value "%1" %* and nothing else.
Change "mueexe.exe "%1" %*" to ""%1" %*"
Don't forget the space between " and %. ("%1"spacebar%*)
HKEY_CLASSES_ROOT\.dl
Delete this key (directory); .dl is running like a .exe, and is a key (dir) created by the trojan.
Delete Windows\System\MSREXE.exe file.
Edit WIN.INI and remove the run= line reference to the trojan (run=MSREXE.exe), mostly used by backdoors.

BackDoor-G2.svr.21
A 'Medium-Level' trojan that arrives as an attachment in your email, it is usually disguised as a picture file (.JPG or .BMP). When you click on the picture file, two '.EXE' files are loaded onto your hard drive, MSREXE.exe and one of the following three: RUN.EXE, WINDOS.exe or MUEEXE.exe.
Unfortunately, these files may not be on your hard drive under these particular names. Look also for garbled files, like: 'RLSIEHTOS2ERSKLDSOXZK.EXE'.
This trojan allows remote access, via the internet, to your user files and data files. You may see strange boxes pop up on your screen, or keystrokes being entered without your interaction.
The trojan can also make changes to your WIN.INI, SYSTEM.INI and Registry files. These changes will result in an error message popping up every time you try to run a program with a '.EXE' extension. The error message may say "cannot find MSREXE.exe" or something weird like, "cannot find RLSIEHTOS2ERSKLDSOXZK.exe".
Removal
Do not clean or delete any of the infected files yet!
First off, it's important to realize that older versions of anti-virus software won't necessarily find this trojan. Some may find it, and clean or delete the infected files, but won't repair the Registry. Look for information on your anti-virus program's website.
The registry changes that are made by BackDoor-G2.svr.21 will prevent you from running any '.EXE' programs, which means REGEDIT.exe can't be run at this time. If you try to start a program with a '.EXE' extension you'll get an error box that says 'File Not Found'. Make note of the file it says it can't find. The example above is RLSIEHTOS2ERSKLDSOXZK.exe.
(Anywhere the file MSREXE.exe is mentioned, it may be replaced with this other filename.)
It's necessary to rename REGEDIT.exe to REGEDIT.COM. Files with a '.COM' extension are also executable program files!
(In WindowsNT, you would change REGEDIT32.exe to REGEDIT32.COM)
Start a DOS session by clicking on START/PROGRAMS/DOS PROMPT, or click on START/RUN, type COMMAND and press ENTER. At the DOS prompt, make sure you're in the Windows directory, and type:
REN REGEDIT.exe REGEDIT.COM
Close out of the DOS session.
Now, from Windows, you can click on START/RUN and type REGEDIT. The Registry Editor will open. If you're not familiar with making changes to the Registry, get someone who is!
Check out HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. When you click on the 'Run' key, delete any entries that make reference to the trojan. Look at the 'RunServices' key in this area and delete any references found there.
Next, look under HKEY_CLASSES_ROOT\exefile\shell\open\command. You'll see the entry:
(Default) = MSREXE.exe "%1"%*
Change this to read:
(Default) = "%1"%*
Do the same for the identical entry under HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command.
Also, check under HKEY_CLASSES_ROOT for the key '.dl'. If you find it, delete it.
Exit the Registry Editor.
Edit the WIN.INI file. If there is any reference to the trojan on the line that says 'run=', then delete it. For example, if the line says
run=RLSIEHTOS2ERSKLDSOXZK.EXE
then change it to just read
run=
Edit the SYSTEM.INI file. Under the [boot] section, if there is any reference to the trojan on the line that says 'shell=', then change it. The line should only say shell=EXPLORER.exe.
Restart the computer, search for any of the files associated with the trojan and delete them. Make sure the original email and attached trojan are deleted.

Please note that any/all filenames in this document are simply Default names. The trojan can be configured to use Any filename, or even to randomly pick a filename each time it infects a computer.
For this reason, you should always use the filenames provided by your antivirus software.
While the default filename is msrexe.exe, there are many reports of the filename mueexe.exe being found as well, for 2.1 Gold.
windos.exe is the name used by the MUIE versions, and win32.exe is used by SubStealth.
Also newer releases of this trojan default to pick random names.
The trojan can use 4 main methods to load itself.
Each and every trojan can be changed to use any combination of the below methods, so your infection may use only one, or it may use all of them, or anything in between.
You should check each location for the filename(s) reported by your antivirus software.
C:\Windows\Win.ini
At the top, look for two lines reading:
run=msrexe.exe
load=msrexe.exe
If you see either file above (or the file reported by your antivirus software) then you will want to delete the lines in question.
Registry (You will need to run regedit to edit the registry.)
Follow the paths using regedit and find:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
each containing (default key name) WinLoader = MSREXE.exe
Both of these should be deleted (Right click and choose Delete.)
C:\Windows\System.ini
In the System.ini file, the line containing:
shell=explore.exe msrexe.exe
should be changed to
shell=explore.exe
(I.e. simply removing msrexe.exe from the end of the line.)
Registry (.exe filetype handler)
The last, and most cleverly hidden method, is now known.
Using this method, any time you run an .exe file, windows will also reload the trojan into memory.
An additional side effect of this is, if you delete the trojan, windows will not know how to run Any .exe file.
Below are steps to remove the trojan safely, and to repair the damage to windows so the system can run .exe files.
Restart your computer in MS-DOS mode. All of the steps below will be carried out in DOS.
You should be at a C:\windows\> prompt.
Any text in Bold below means you should type it on the DOS line.
Make sure you are at the C:\Windows\> prompt now.
rename windos.exe windos.___
This is the trojan, and renaming it keeps windows from loading it again.
From this point on, windows cannot run .exe files.
cd ..
Simply to move back one dir into C:\
regedit /e file.reg hkey_classes_root\exefile\shell\open\command
This will export the registry key that needs to be edited, and place it in a file.
edit file.reg
Opens the file in your text editor.
In this file, look for the line that reads:
@="WINDOS \"%1\" %*"
And edit so it reads: (Take out WINDOS and the space after)
@="\"%1\" %*"
Save the file and exit edit.
regedit file.reg
This imports the edit you just made Back into the registry.
exit
You will now be taken back to windows.
Verify that you can indeed run an .exe program, without windows asking to find windos.
If windows asks to find windos, you will need to attempt these directions again.
Be sure to delete the c:\windows\windos.___ file once removal is successful.
After a reboot, you will find two files in c:\windows\, one named MSREXE.EXE, the other WINDOS.exe.
You should delete both.
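
An added example, not part of any post in this thread: an offline audit of the four load points listed above (WIN.INI run=/load=, SYSTEM.INI shell=, the Run and RunServices keys, and the exefile handler), run over copies of the two INI files and a REGEDIT4 text export such as the one produced by regedit /e. The function names, the sample file contents and the suspect list are constructed for illustration; the suspect list stands in for the filenames your antivirus software reports.

```python
import re

CLEAN_EXE_HANDLER = '"%1" %*'   # clean (Default) value quoted in the thread
RUN_KEYS = (r'\CURRENTVERSION\RUN', r'\CURRENTVERSION\RUNSERVICES')

def parse_reg(text):
    """Parse a REGEDIT4 text export into {KEY: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:   # string values only; undo \" and \\ escapes
            current[m.group(1).strip('"')] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def audit(win_ini, system_ini, reg_export, suspects):
    """Return (location, entry, value) for each load point that needs repair."""
    hit = lambda v: any(s.lower() in v.lower() for s in suspects)
    findings = []
    for fname, text, wanted in (('WIN.INI', win_ini, ('run', 'load')),
                                ('SYSTEM.INI', system_ini, ('shell',))):
        for line in text.splitlines():
            key, sep, value = line.partition('=')
            if sep and key.strip().lower() in wanted and hit(value):
                findings.append((fname, key.strip().lower(), value.strip()))
    for key, values in parse_reg(reg_export).items():
        if key.endswith(r'\EXEFILE\SHELL\OPEN\COMMAND'):
            if values.get('@') != CLEAN_EXE_HANDLER:  # any prefix runs on every .exe launch
                findings.append((key, '@', values.get('@')))
        elif key.endswith(RUN_KEYS):
            findings += [(key, n, d) for n, d in values.items() if hit(d)]
        elif key == r'HKEY_CLASSES_ROOT\.DL':         # key the thread says the trojan creates
            findings.append((key, None, None))
    return findings

# Constructed sample inputs (not taken from a real machine).
WIN_INI = "[windows]\nload=\nrun=msrexe.exe\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe msrexe.exe\n"
REG = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="WINDOS \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinLoader"="MSREXE.exe"
"SystemTray"="SysTray.Exe"
'''
FINDINGS = audit(WIN_INI, SYSTEM_INI, REG, ['msrexe.exe', 'windos.exe'])
```

The exefile handler is compared against the exact clean value rather than the suspect list, so a randomly named copy of the trojan is still caught there even when the antivirus report is incomplete.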
