Hello, Anyone ever heard of a file named msngmsngr32.exe ? It's 34.5 KB, no version information on it, I have searched online for an hour and cannot find anyhting on this file????? Not like I'm a newbie either (LAN administrator) It's located in the System32 directory. Have XP laptop that was just cleaned up from spyware with Spybot, Ad-Aware SE, Webroot Spysweeper, Norton IS 2004 and TrendMicro's Housecall everything but Housecall found something. Now Norton Internet Security is asking for msngmsngr32.exe for acces to the internet. Feel like I'm in a time warp - nothing online about it. Last issue on this was Task Manager not working - sooo - I went into SAFE MODE, zipped the msngmsngr32.exe in a zip file and and then whacked the original file. Rebooted - Voila - Task manager now works. Any knowledge on this file would be appreciated, Thanks, FH

Could this be it? http://www.google.com/search?hl=en&q=msnmsg32.exe&spell=1

If you still have the file you can upload and check it here; http://virusscan.jotti.dhs.org/ What it looks like in a hijackthis log. O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.exe O4 - HKCU\..\RunOnce: [Microsoft Instant Messenger] MSNGMSNGR32.exe

I just did a search on my computer for msngmsngr32.exe. I just performed a full install of WinXP (Saturday) and my search did not turn up a file by that name.

Abnormal: yep that's it. Way cool site @ jotti.dhs.org !! THAT one gets bookmarked.

What did it find? Because this post will hit google soon and as you know, not much info. The real messenger run line is O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Looks like Malware, Norman seems to have the best info on this: Service load: 0% 100% File: msngmsngr32.zip Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) Packers detected: PE_PATCH.MORPHINE, MORPHINE, UPX AntiVir No viruses found (0.43 seconds taken) Avast No viruses found (1.50 seconds taken) AVG Antivirus No viruses found (0.75 seconds taken) BitDefender Win32.P2P.SpyBot.018415E3 (0.48 seconds taken) ClamAV No viruses found (0.58 seconds taken) Dr.Web Win32.HLLW.SpyBot (0.90 seconds taken) F-Prot Antivirus No viruses found (0.16 seconds taken) Fortinet No viruses found (0.45 seconds taken) Kaspersky Anti-Virus Backdoor.Win32.Spyboter.gen (1.27 seconds taken) mks_vir No viruses found (0.27 seconds taken) NOD32 probably unknown NewHeur_PE (probable variant) (0.63 seconds taken) Norman Virus Control Sandbox: W32/Malware; [ General information ] * File length: 35360 bytes. [ Changes to filesystem ] * Creates file C:\WINDOWS\SYSTEM\msngmsngr32.exe. [ Changes to registry ] * Creates value "Microsoft Instant Messenger"="msngmsngr32.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce". * Creates value "Microsoft Instant Messenger"="msngmsngr32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". [ Network services ] * Connects to "roxz.rioxx.ms" on port 6668 (IP). * Connects to IRC Server. [ Process/window information ] * Will automatically restart after boot (I'll be back...). * Attemps to open C:\WINDOWS\SYSTEM\msngmsngr32.exe NULL. * Creates a mutex [c]. * Enumerates running processes. (2.87 seconds taken)