Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

mssvc.exe

(New)
(!)

Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
09-Oct-2003, 06:15 PM #31
Did you get the file name right? You are looking for winnt.exe not winnit.exe (a Win9x/ME file)
sharlan881's Avatar
sharlan881 sharlan881 is offline
Junior Member with 4 posts.
 
Join Date: Oct 2003
13-Oct-2003, 02:54 PM #32
I may add no value here whatsoever, but I've had the same MSSvc.exe issue that the original writer had. I followed the information gived (ie - regedit) and for the first time in three months that freaking message isn't popping up.

I was having another problem that seemed to be related to the MSSvc.exe. This stupid little Windows Warning Box (with no title in the blue bar) kept popping up every 30 seconds or so. Through a Process tracker I downloaded, I found that there were two processes running that controlled that. There was a "services.exe" and under that there was a "csrss.exe". When I killed those processes, the stupid little box stopped popping up. Again, this may have been an unrelated problem, but it seemed to start happening about the same time.

Since I was the beneficiary of the help given in this thread, I thought I'd throw that little factoid out in case it helps anybody else.

Thanks!!!
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
13-Oct-2003, 05:51 PM #33
Thanks sharlan. Services.exe and csrss.exe, running from the system32 folder, should be the standard and required services. Terminating them of course just stops them from doing whatever odd and unknown thing they were doing at the time.
caldog's Avatar
caldog caldog is offline
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Sep 2003
14-Oct-2003, 12:23 PM #34
I mistyped - I meant winnt.exe. It wasn't there,so I don't have the ability to do a reinstall from within XP. My only option is to do a complete restore with the OEM's restore cd(not a windows xp cd - which I never got) I haven't had any of the annoying mssvc.exe error messages since following help tips posted on this thread. I know that the pc is still infected because I am still denied access to Administrative Services. Is there anything further that sharlan has suggested(re: csrss.exe) that I should also delete?
thanks
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
14-Oct-2003, 12:42 PM #35
I'm afraid that's a required service, not a viral file.

As of now the only documented resolutons for the Administrative access problems have come from reinstalls. I guess in your case that is going to be a destructive one.

If you have saved setup files for previously installed programs you can reinstall them without too much loss of time. But otherwise, you are back to your original configuration.

I'm a little confused, are both winnt.exe and winnt32.exe missing or just one of them?

They are relatively small files. If the rest of the cab stuff is there (for example there's a winnt32.hlp and a winnt32.msi) I could zip you the missing files.
caldog's Avatar
caldog caldog is offline
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Sep 2003
15-Oct-2003, 09:11 AM #36
I'm glad you asked about the 2 winnnt.exe files above. I went back and opened the I386 file again to see which of these i was missing. I went to WINNT32(there is no .exe). When I put the cursor over it it reads - 'stub folder for WINNT 32 setup.' When I clicked on it an error mesage reads: "Windows Setup - The option to upgrade will not be available at this time because setup was unable to load the file C\Windows\I386\WINNTUPG\NETUPGRD.DLL - The system cannot find the file specified." But after I hit ok I was taken to 'Welcome to windows Setup' It asked me for which type of installation - but the only option available is New Installation(advanced). The next click lead me to the user agreement page. I stopped here and thought I would ask :Is this the reinstall I have been looking for? I had never previosly opened WINNT32 because I thought I was looking for an 'exe' file?
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
15-Oct-2003, 11:08 AM #37
Interesting, I do not have that dll either or even the WINNTUPG folder. For what it's worth the reason you didn't see the "exe" may be because you have "hide file extensions" for known file types checked in Folder Options > View. This is never good to do as it will conceal double extensions which mask executables.

But to answer your question, I'm not sure of the answer. I *think* I have seen a previous thread where this screen was encountered and the user followed through -- the setup routine then reported that a "previous" installation has been detected, "do you want to repair?"

I can't guarantee this though. But you should see at some point a warning that proceeding will destroy all previous data if the setup is going to wipe everything out. If you get presented with an option to "partition" that is what is going to happen.

Do you have your ProductKey, by the way? If not, you can use the utility here to get it:

http://www.angelfire.com/va3/vic3/winkeys.htm

I would recommend trying it one way or another, just to ensure it matches what you think you have. Copy it exactly if it doesn't you may need it.
sander66's Avatar
sander66 sander66 is offline
Junior Member with 1 posts.
 
Join Date: Oct 2003
16-Oct-2003, 10:31 AM #38
Angry MSVSC.EXE
I have tried sybot, spyhunter and CoolWebShredder - to no avail
Help !!

Logfile of HijackThis v1.97.3
Scan saved at 11:30:13 AM, on 10/16/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\srvany.exe
C:\WINDOWS\System32\pppoe.exe
C:\WINDOWS\system32\slserv.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\services.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\csrss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Valued Client\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F0 - system.ini: Shell=explorer.exe winlogin.exe
F2 - REG:system.ini: Shell=explorer.exe winlogin.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [NDplDeamon] winlogin.exe
O4 - HKLM\..\Run: [winlogon] winlogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Radio Free Virgin Player (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...910.3291087963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
16-Oct-2003, 10:40 AM #39
You are going to have to review this thread thoroughly. Disable the Adminisistrative Tools > Services startup for mssvc.exe, then edit the registry to remove the reference. Ultimately you will also have to reinstall XP to restore Administrative priveleges.

http://forums.techguy.org/showthread...53#post1154453

In addition to that you must clean these entries by checking and "fixing" with HijackThis:

F2 - REG:system.ini: Shell=explorer.exe winlogin.exe

O4 - HKLM\..\Run: [NDplDeamon] winlogin.exe
O4 - HKLM\..\Run: [winlogon] winlogin.exe

You will need to delete winlogin.exe Do NOT confuse it with winlogon.exe, a required process.
sharlan881's Avatar
sharlan881 sharlan881 is offline
Junior Member with 4 posts.
 
Join Date: Oct 2003
19-Oct-2003, 11:45 PM #40
I did the XP reinstall as detailed above (I do have a Dell so I had the XP CD) and everything worked perfectly. MSSvc is now nothing more then a bad memory.
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
20-Oct-2003, 12:08 AM #41
Good to hear. I also have a Dell and that's one good reason to stick with them if you're not into system building yourself.

Be aware now you probably have to reinstall all the new patches and updates pronto. You should also enable the XP firewall if it is not incompatible with your ISP (AOL, Earthlink DSL...)
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑