Windows 2000 Installation Corrupted by Trojan

  • Member
  • 10 posts
Hope you can help. Scanned my sister's PC on Housecall. Lucky her - it found 56 viruses. I was forced to install the drive as a slave into my PC. Housecall deleted all the files.

One of them was msudp4.sys which is a trojan that disguises itself as a system device. I can't boot into Safe Mode. I get the BSOD saying that this file is missing. I can't repair the installation using my Win2k Pro disc. The system needs to restart to get to the next step of the repair and I get the BSOD saying that this file: C:\winnt\system32\msudp4.sys is not found.

Here's the big question. How do I fix this? More specifically, how can I remove this "device" from my list of hardware so Windows isn't looking for something that shouldn't even be there in the first place.

If it helps - from Sophos:

------This section is for technical experts who want to know more.
Troj/Haxdoor-AG is a backdoor Trojan for the Windows platform.
Troj/Haxdoor-AG allows a remote attacker to run arbitrary commands. The Trojan may download and run further malicious code.
The Trojan uses stealthing techniques to avoid being terminated.
When Troj/Haxdoor-AG is installed the following files are created:
The file msudp4.sys provides stealthing functionality and has been detected as Troj/Haxdor-Gen since version 3.93.
The following registry entries are created to run code exported by tcpG4T.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T
The file msudp4.sys is registered as a new system driver service named "msudp4", with a display name of "UDPservice". Registry entries are created under:

Thanks for the help,

  • 0
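An added example, not part of the original post or of the quoted Sophos description: with the drive attached to a second PC as described above, this Python check reads a text export of the offline registry hives and reports the Winlogon Notify packages and any driver service whose file no longer exists on the mounted volume. The hive mount names `OFFLINE_SW` and `OFFLINE_SYS`, the function names, and the sample `DllName`, `Type` and `ImagePath` values are constructed assumptions; the service key layout is the standard Windows one, not taken from the page.

```python
import re
from pathlib import Path

# Constructed sample export; the key and file names are the ones quoted in the post.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T]
"DllName"="tcpG4T.dll"
[HKEY_LOCAL_MACHINE\OFFLINE_SYS\ControlSet001\Services\msudp4]
"Type"=dword:00000001
"ImagePath"="\\??\\C:\\winnt\\system32\\msudp4.sys"
'''
NOTIFY = r"microsoft\windows nt\currentversion\winlogon\notify"  # parent of Notify packages
# Assumption: standard Windows service layout, <hive>\ControlSetNNN\Services\<name>.
SERVICE_RE = re.compile(r"\\(?:current)?controlset\d*\\services\\[^\\]+$", re.I)
DRIVER_TYPES = {"dword:00000001", "dword:00000002"}  # kernel / file-system driver
# ImagePath prefixes to strip; assumes the first directory on the drive is the system root.
PREFIX_RE = re.compile(r"^(?:\\\?\?\\)?(?:[a-z]:\\[^\\]+|\\systemroot|%systemroot%)\\", re.I)

def decode(raw):
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ: UTF-16LE bytes in a 5.00 export
        return bytes.fromhex(raw[7:].replace(",", "")).decode("utf-16-le").rstrip("\0")
    return raw[1:-1].replace("\\\\", "\\") if raw.startswith('"') else raw  # REG_SZ

def parse_reg(text):
    """Parse regedit export text into {key path: {value name: data}}."""
    keys, cur = {}, None
    for line in re.sub(r"\\\r?\n\s*", "", text).splitlines():  # join hex continuations
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            cur[m.group(1)] = decode(m.group(2))
    return keys

def driver_file_exists(image_path, system_root):
    rel = PREFIX_RE.sub("", image_path)  # path relative to the system root, e.g. E:\winnt
    return Path(system_root, *rel.split("\\")).exists()  # case-sensitive on non-Windows hosts

def audit(reg_text, system_root):
    """Return (Notify packages, driver services whose file is missing)."""
    notify, dangling = [], []
    for key, vals in parse_reg(reg_text).items():
        parent, _, name = key.rpartition("\\")
        if parent.lower().endswith(NOTIFY):
            notify.append((name, vals.get("DllName")))
        if (SERVICE_RE.search(key) and vals.get("Type") in DRIVER_TYPES and "ImagePath" in vals
                and not driver_file_exists(vals["ImagePath"], system_root)):
            dangling.append((name, vals["ImagePath"]))
    return notify, dangling
```

Driver services that carry no `ImagePath` value are skipped, so a clean result covers only drivers with an explicit path.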





  • Member
  • 2,383 posts
Welcome to Geeks to Go. We would like to help you; please could you post this in the malware forum, link below, where one of our trusted techs will advise you from there. This reposting helps those who wish to follow the subject matter.

  • 0
