AVG lists the .exe file when doing a scan (it shows up as clean even though it's a known trojan), but looking at the folder it's supposed to be in through Windows 2000 (NT) doesn't show the file. I used a rootkit revealer program; it also detected nothing. How can I remove the file if Windows doesn't see it?
However, your question was about how to delete this seemingly hidden file. Can you see the file in Safe Mode? How about via the DOS Window (Command Prompt)?
If you can't get at the file via those methods then you might want to look at booting from a CD and then zapping the file from there. BartPE or even a Linux CD like Knoppix will let you access your disk data without letting Windows boot at all.
How do I access DOS to see what's on my computer? What command line would I use to delete the bad file if I find it through DOS? I haven't used DOS in at least 10 years, I can't remember how to get to it, look for files or directories or delete them.
Start ¦ Run..., type cmd into the Open: window and click OK. That brings up the command line window. Change to the location where the file is using the CD (Change Directory) command. See if the file shows up there. To delete a file type DEL filename.ext.
P.S. Among others, a useful tool to detect ‘unusual’ files is “HijackThis”.
I imagine someone is either remote accessing my PC or my computer is automatically trying to read and send info.
However, it would be wise to do a fresh install of the OS and update Anti-virus/Anti-Spyware definitions/patches. Use a firewall, spam filters on mail and use strong passwords.
Hope this helps you.
Is your filesystem FAT or NTFS on your C: drive?
Also, what exactly is the filename that AVG is reporting?
[edited by: bill at 4:16 am (utc) on May 17, 2006]
[edit reason] URL not necessary [/edit]
I don't know what fat or ntfs means with respect to my C drive.
Grinler is asking what the file system format of your C: drive is. MS has some info here: Overview of FAT, HPFS, and NTFS File Systems [support.microsoft.com] and here: NTFS vs. FAT: Which Is Right for You? [microsoft.com] among others...
If it's FAT, then you can download a bootdisk for XP or 6.22 and delete the file from the command prompt that opens. Do a Google search for bootdisk.
If on the other hand you have NTFS, it will become more difficult.
Msoff.exe is a trojan that steals online banking information. So once we get this cleaned, you may want to change any online banking passwords you use.
First things first, download autoruns from sysinternals and run it. When it is started, click on the Logon tab. Now look through the entries (prob under one of the Run keys) and see if you have one that has the name Microsoft office with the image path of msoff.exe.
If it exists, right click on it and delete it. Reboot and see if you can now see the c:\windows\system32\msoff.exe file. I do not believe this particular infection uses rootkits to hide it, so we may be safe in that aspect.
I would give you direct links to these tools, but not sure how WebmasterWorld likes that.
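The Run-key check described in the post above can also be done over a saved text listing. The following Python sketch is an added example, not code from the thread or from any tool it mentions: it parses values in the layout printed by `reg query` and flags any whose image path resolves to msoff.exe. The sample listing, the ExampleAV and Updater entries, and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: Run-key values in the layout printed by `reg query`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    C:\PROGRA~1\ExampleAV\avcc.exe /STARTUP
    Microsoft office    REG_SZ    msoff.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Example App\update.exe" -silent
    Microsoft office    REG_EXPAND_SZ    %SystemRoot%\system32\MSOFF.EXE
"""

WATCHLIST = {"msoff.exe"}  # file name reported in the thread
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def image_name(command):
    """Return the lower-cased executable file name from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):            # quoted path, arguments follow the quote
        path = command[1:].split('"', 1)[0]
    else:                                  # unquoted: cut at the first executable extension
        m = EXE_END.match(command)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()   # ntpath handles backslashes on any OS


def run_entries(text):
    """Yield (key, value name, command) for every value line under a key header."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")


def suspicious(text, watchlist=WATCHLIST):
    """Return the Run entries whose image file name is on the watchlist."""
    return [(k, n, d) for k, n, d in run_entries(text) if image_name(d) in watchlist]


if __name__ == "__main__":
    for key, name, data in suspicious(SAMPLE):
        print(f"{key}\n    {name} -> {data}")
```

Matching on the image file name rather than the value name catches the entry regardless of letter case or of which Run key it sits under.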