What creature is "MSNUPDATE!@#@.EXE" ???

Whenever and always as I open my “MSN EXPLORER” browser, my “Prevx Home” gives me the following “Intrusion Warnings”:


  1. The application msn is trying to READ, DELETE the protected file/directory
    C:\PROGRAM FILES\MSN\MSNUPDATE!@#@.EXE

  2. The application msn is trying to DELETE the protected file/directory
    C:\PROGRAM FILES\MSN\MSNUPDATE!@#@.EXE


, which I can either Allow or Deny !


By the way “Prevx Home” explains:

“” Install Attempt (*.exe)
This is due to a protected file or directory in the Program Files directory being modified. Windows updates and software installations/configurations may modify these files. If you are not installing or updating any programs, then this may be malicious activity. “”


I allow each time, the “DELETE” of this file (MSNUPDATE!@#@.EXE) to happen, because it:

  1. has a strange name, nowhere in Google to be found.
  2. I cannot under any circumstances find it in my PC (in
    the above directory and Avast shows no
    virus/worm there either).
  3. It is known that a worm called
    “Backdoor.Win32.Codbot.z” hides in the same
    directory in “msnupdate.exe” and has
    the following capabilities:
    "# Allows others to access the computer

    Downloads code from the Internet

    Reduces system security

    Installs itself in the Registry

    Exploits system or software vulnerabilities "


By the way my PC was under control of a hacker for 2 months by two trojans (now removed) but I still see suspicious periodic escape of bytes, when I’m online.


Now my questions:
Am I taking the correct action by "Allow"ing the “application msn” to “DELETE” it??
And why is this file nowhere to be found (also in hidden files)?


Thanks a lot for your explanation & recommendations!

Are you using Windows XP?
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.

Access denied - like when you can’t delete a file - means, generally, that the file is in use by another process (program) and cannot be repaired/cleaned/moved/handled by avast!

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast as I’ve wrote before.
  4. Use a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).

:slight_smile: Hi :

 Perhaps you should ask on the Prevx Support Forum at

 www.castlecops.com/f146-Prevx1.html   !?

It might just be some strangeness from an incomplete installation or incomplete update.

You could try uninstalling the program, reboot, run a registry cleaner, manually remove any left overs, and reinstall the program. I would disable Prevx during the uninstall and reinstall.

This is just a guess, however.