Bonjour, chaque fois que j'ouvre Internet Explorer, ou n'importe que
programme, l'indice du UC utilisé dans WinXP monte à 100% et demeure là
jusquà ce que j'aille terminer le processus de "msiexec64.exe" dans le
gestionnaire de tâche WinXP. Chaque fois que je réexécute un programme, le
"msiexec64.exe" revient dans la liste des processus et prend tout mon
processeur. J'ai fait un online scan sur symantec.com en vain, jai fait une
recherche dans tous mes disques durs pour "msiexec" mais il n'a trouvé que
msiexec32.exe j'ai tenté de l'effacé mais ça n'a rien changé. J'ai fait une
recherche sur google et sur symantec pour msiexec64 mais je n'ai rien trouvé
je ne sais pas c'est quoi le problème.
Cette action est irreversible, confirmez la suppression du commentaire ?
Signaler le commentaire
Veuillez sélectionner un problème
Nudité
Violence
Harcèlement
Fraude
Vente illégale
Discours haineux
Terrorisme
Autre
gaston.ceron
Carl,
Sorry for posting in English. I understand French but I cannot write in it.
I had the same virus as you and after several hours I found a way to get rid of it, which I describe below.
The virus may have done some harm already - I don't know. I tried to reverse engineer it, but the program is encrypted. Your best bet may be to back up your stuff and re install Windows. This is what I will do.
The instructions that follow may not work exactly for you. They are for Windows 2000 Advanced Server - in English.
Therefore, you may want to try the procedure first, without actually making any changes or deleting any files. Particularly you need to find a way to start your computer in Protected mode with Command Prompt. This is necessary to make the msiexec64.exe file visible and remove it. Let me know if you cannot do this and I will look for an alternative. I have two XP systems, and only in one of them I could bring it to Protected Mode with Command Prompt. Maybe somebody else can tell us how.
REMOVAL PROCEDURE:
Start the Windows task manager (Ctrl-Alt-Del) Click on the "Task Manager" button) Click on the tab "Processes" Click on the "CPU" column heading to sort the porcesses by CPU time. The "msiexec64.exe" process will show near the top. Remove that process: Highlight the "msiexec64.exe" line and click on the "End Process" button Click on "Yes" on the >Task Manager Warning" window that will pop up Do not close the "Windows Task Manager", If you did, bring it up again. Run Regedit: Click on the "Start" button in the task bar Click on Run... Type "regedit" and click the "OK" button Do not close "regedit". Wait a few seconds... Check the "Windows Task Manager". The "msiexec64.exe" process will show up again (It will pop up every time you run an ".exe" file) Remove it again, as you did before. Navigate to the HKEY_CLASSES_ROOTexefilesshellopencommand The "(Default)" value will show "c:winntsystem32mplcnfg.exe PASS "%1" %* Edit that value Double click on the "(Default)" word to bring up the editor **BE VERY CAREFUL** Erase all the text from the begining and leave only "%1" %* (Six characters: Quote Percent NumberOne Quote Space Percent Asterisk) Do not close "Regedit" Bring up Windows Explorer Start/Accessories/Windows Explorer If a windows pops up with an error message like "Cannot find the file ..." etc. something went wrong while editing the line on "Regedit" Fix the editing and try again until "Windows Explorer" pops up Make sure that "Windows Explorer" shows the hidden files Tools/Folder Options.../View "Hidden files and folders/Show hidden files and folders" should be selected "Hide file extensions for known file types" should not be selected "Hide protected operating system files (Recommended)" should not be selected Look for the file C:WINNTSystem32mplcnfg.exe and delete it Edit the file "C:WINTwin.ini" Remove the last two lines that will say: [windows] Run=C:winntsystem32msiexec64.exe Edit the file "C:WINNTSystem.ini" Remove tha last two lines that will say: [boot] Shell=Explorer.exe c:winntsystem32msiexec64.exe Check again the "Windows Task Manager" and verify that there is no "msiexec64.exe" process Close all windows and shut down the computer **CAREFUL HERE** Restart it in "Protected Mode with Command Prompt" Press F8 while the "Starting Windows" message appears The "Windws 2000 Advanced Options Menu" should show up. If you missed it, you have to do all over again. Select "Safe Mode with Command Prompt" Wait until you get the command prompt Remove the hidden file "C:WINNTSystem32msiexec64.exe" cd winntsystem32 attrib -h msiexec64.exe del msiexec64.exe
That's all.
Gaston
Carl,
Sorry for posting in English. I understand French but I cannot write
in it.
I had the same virus as you and after several hours I found a way to
get rid of it, which I describe below.
The virus may have done some harm already - I don't know. I tried to
reverse engineer it, but the program is encrypted. Your best bet may
be to back up your stuff and re install Windows. This is what I will
do.
The instructions that follow may not work exactly for you. They are
for Windows 2000 Advanced Server - in English.
Therefore, you may want to try the procedure first, without actually
making any changes or deleting any files. Particularly you need to find
a way to start your computer in Protected mode with Command Prompt.
This is necessary to make the msiexec64.exe file visible and remove it.
Let me know if you cannot do this and I will look for an alternative.
I have two XP systems, and only in one of them I could bring it to
Protected Mode with Command Prompt. Maybe somebody else can tell us how.
REMOVAL PROCEDURE:
Start the Windows task manager
(Ctrl-Alt-Del)
Click on the "Task Manager" button)
Click on the tab "Processes"
Click on the "CPU" column heading to sort the porcesses by CPU time.
The "msiexec64.exe" process will show near the top.
Remove that process:
Highlight the "msiexec64.exe" line and click on the "End Process"
button
Click on "Yes" on the >Task Manager Warning" window that will pop up
Do not close the "Windows Task Manager", If you did, bring it up
again.
Run Regedit:
Click on the "Start" button in the task bar
Click on Run...
Type "regedit" and click the "OK" button
Do not close "regedit". Wait a few seconds...
Check the "Windows Task Manager". The "msiexec64.exe" process will
show up again
(It will pop up every time you run an ".exe" file)
Remove it again, as you did before.
Navigate to the HKEY_CLASSES_ROOTexefilesshellopencommand
The "(Default)" value will show "c:winntsystem32mplcnfg.exe PASS
"%1" %*
Edit that value
Double click on the "(Default)" word to bring up the editor
**BE VERY CAREFUL**
Erase all the text from the begining and leave only "%1" %*
(Six characters: Quote Percent NumberOne Quote Space Percent Asterisk)
Do not close "Regedit"
Bring up Windows Explorer
Start/Accessories/Windows Explorer
If a windows pops up with an error message like "Cannot find the file
..." etc.
something went wrong while editing the line on "Regedit"
Fix the editing and try again until "Windows Explorer" pops up
Make sure that "Windows Explorer" shows the hidden files
Tools/Folder Options.../View
"Hidden files and folders/Show hidden files and folders" should be
selected
"Hide file extensions for known file types" should not be selected
"Hide protected operating system files (Recommended)" should not be
selected
Look for the file C:WINNTSystem32mplcnfg.exe and delete it
Edit the file "C:WINTwin.ini"
Remove the last two lines that will say:
[windows]
Run=C:winntsystem32msiexec64.exe
Edit the file "C:WINNTSystem.ini"
Remove tha last two lines that will say:
[boot]
Shell=Explorer.exe c:winntsystem32msiexec64.exe
Check again the "Windows Task Manager" and verify that there is no
"msiexec64.exe" process
Close all windows and shut down the computer
**CAREFUL HERE**
Restart it in "Protected Mode with Command Prompt"
Press F8 while the "Starting Windows" message appears
The "Windws 2000 Advanced Options Menu" should show up.
If you missed it, you have to do all over again.
Select "Safe Mode with Command Prompt"
Wait until you get the command prompt
Remove the hidden file "C:WINNTSystem32msiexec64.exe"
cd winntsystem32
attrib -h msiexec64.exe
del msiexec64.exe
Sorry for posting in English. I understand French but I cannot write in it.
I had the same virus as you and after several hours I found a way to get rid of it, which I describe below.
The virus may have done some harm already - I don't know. I tried to reverse engineer it, but the program is encrypted. Your best bet may be to back up your stuff and re install Windows. This is what I will do.
The instructions that follow may not work exactly for you. They are for Windows 2000 Advanced Server - in English.
Therefore, you may want to try the procedure first, without actually making any changes or deleting any files. Particularly you need to find a way to start your computer in Protected mode with Command Prompt. This is necessary to make the msiexec64.exe file visible and remove it. Let me know if you cannot do this and I will look for an alternative. I have two XP systems, and only in one of them I could bring it to Protected Mode with Command Prompt. Maybe somebody else can tell us how.
REMOVAL PROCEDURE:
Start the Windows task manager (Ctrl-Alt-Del) Click on the "Task Manager" button) Click on the tab "Processes" Click on the "CPU" column heading to sort the porcesses by CPU time. The "msiexec64.exe" process will show near the top. Remove that process: Highlight the "msiexec64.exe" line and click on the "End Process" button Click on "Yes" on the >Task Manager Warning" window that will pop up Do not close the "Windows Task Manager", If you did, bring it up again. Run Regedit: Click on the "Start" button in the task bar Click on Run... Type "regedit" and click the "OK" button Do not close "regedit". Wait a few seconds... Check the "Windows Task Manager". The "msiexec64.exe" process will show up again (It will pop up every time you run an ".exe" file) Remove it again, as you did before. Navigate to the HKEY_CLASSES_ROOTexefilesshellopencommand The "(Default)" value will show "c:winntsystem32mplcnfg.exe PASS "%1" %* Edit that value Double click on the "(Default)" word to bring up the editor **BE VERY CAREFUL** Erase all the text from the begining and leave only "%1" %* (Six characters: Quote Percent NumberOne Quote Space Percent Asterisk) Do not close "Regedit" Bring up Windows Explorer Start/Accessories/Windows Explorer If a windows pops up with an error message like "Cannot find the file ..." etc. something went wrong while editing the line on "Regedit" Fix the editing and try again until "Windows Explorer" pops up Make sure that "Windows Explorer" shows the hidden files Tools/Folder Options.../View "Hidden files and folders/Show hidden files and folders" should be selected "Hide file extensions for known file types" should not be selected "Hide protected operating system files (Recommended)" should not be selected Look for the file C:WINNTSystem32mplcnfg.exe and delete it Edit the file "C:WINTwin.ini" Remove the last two lines that will say: [windows] Run=C:winntsystem32msiexec64.exe Edit the file "C:WINNTSystem.ini" Remove tha last two lines that will say: [boot] Shell=Explorer.exe c:winntsystem32msiexec64.exe Check again the "Windows Task Manager" and verify that there is no "msiexec64.exe" process Close all windows and shut down the computer **CAREFUL HERE** Restart it in "Protected Mode with Command Prompt" Press F8 while the "Starting Windows" message appears The "Windws 2000 Advanced Options Menu" should show up. If you missed it, you have to do all over again. Select "Safe Mode with Command Prompt" Wait until you get the command prompt Remove the hidden file "C:WINNTSystem32msiexec64.exe" cd winntsystem32 attrib -h msiexec64.exe del msiexec64.exe
