OT advice on my virus
Turbo Mini Forums

I have a virus, well not me but my laptop has and I can't get it off. Neither of my virus softwares can budge it as "acess is denied or disk is full" thing comes up. I can find it in my files but again it won't let me move or delete it. I have no internet now either and it's called tmwsock and it's a spam hacker or something. The upside is I will get lots of work done today with no internet! Any advice on how to get rid of it?

http://vil.mcafeesecurity.com/vil/content/v_134762.htm there is some info about it at least.

Manually Remove Trojan Cimuz-CD

Manual removal of any spyware can be difficult. When you try to manually remove Trojan Cimuz-CD, you risk destroying your PC. It’s highly recommended you use an automatic spyware scanner to determine you’re infected with Trojan Cimuz-CD. It’s also recommended you backup your system any time before editing your registry, using software such as Genie Backup Manager Professional.

To remove Trojan Cimuz-CD manually, you need to delete various Trojan Cimuz-CD files. Not sure how to delete Trojan Cimuz-CD files, DLLs, registry keys?

Otherwise, go ahead and…

Stop Trojan Cimuz-CD processes:

mstsdsc.exe
Remove Trojan Cimuz-CD registry keys:

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
mstsdsc.exe
Delete Trojan Cimuz-CD DLLs:

sporder.dll
tmwsock.dll

Disclaimer : I have not done this and will not quarantee that it will work, just passing on information.

Edited by miniminor63 on 28th Jun, 2007.

Need help figuring out how to delete files, DLLs, and registry keys? While there’s some risk involved, and you should only manually remove Trojan Cimuz-CD files if you’re comfortable and confident editing your system, you’ll find it’s fairly easy to delete Trojan Cimuz-CD files in Windows.


How to delete Trojan Cimuz-CD files in Windows XP and Vista:
Click your Windows Start menu, and from “Search,” click “For Files and Folders…“
A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
Type any file name in the search box, and select “Local Hard Drives.”
Click “Search.” Once the file is found, delete it.
How to remove Trojan Cimuz-CD registry keys:
Your Windows registry is the core of your Windows operating system, storing information about user settings, system preferences, and software, including which applications automatically launch at start up. Because of this, spyware, malware, and adware will often bury their own files into your Windows registry so that they automatically launch every time your start up your PC.

Because your registry is such a key piece of your Windows system, you should always backup your registry before you make any changes to it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or registry value, there’s a chance you may need to reinstall your entire Windows operating system. Make sure your backup your registry before editing it.

Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
To find a registry key, such as any Trojan Cimuz-CD registry keys, select “Edit,” then select “Find,” and in the search bar type any of Trojan Cimuz-CD’s registry keys.
As soon as Trojan Cimuz-CD registry key appears, you can delete the Trojan Cimuz-CD registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
Computer acting funny after you’ve edited your registry and deleted Trojan Cimuz-CD registry keys? Just restore your registry with your backup.

How to remove Trojan Cimuz-CD DLL files:
Like most any software, spyware, adware, and malware may also use DLL files. DLL is short for “dynamically linked library,” and Trojan Cimuz-CD DLL files, like other DLLs, carryout predetermined tasks. To manually delete Trojan Cimuz-CD DLL files, you’ll use Regsver32, a Windows tool designed to help you remove DLL and other files.

First you’ll locate Trojan Cimuz-CD DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Trojan Cimuz-CD DLL file is located. If you’re not sure if the Trojan Cimuz-CD DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
When you’ve located the Trojan Cimuz-CD DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore Trojan Cimuz-CD DLL file you removed, enter “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

Understanding Trojan Cimuz-CD & Spyware
If you’re infected with Trojan Cimuz-CD and spyware, it can be helpful to understand spyware definitions related to Trojan Cimuz-CD.


Trojan Cimuz-CD May Be a Trojan
What Are Trojans?
Trojans install themselves secretly onto your computer, most often through your downloading a simple email attachment (often .avi, .pif, .exe, and even .jpg files.) Most Trojans are able to gain complete control over your PC after installation. With this control, the Trojan and the hacker behind it may change your system settings, delete important files, steal your passwords, and watch your computer acitivity.

Some Trojans may also fall under the category of spyware. Spyware is any software or malware (”malicious software”) used to spy or track your computer activity. While some spyware is legitimately and intentionally installed by parents or employers to monitor Internet activity on a computer, spyware may be installed maliciously. Often spyware may come bundled with downloads of free software or come in the form of a cookie via a website, and this spyware may track your Internet activity or may steal secret account usernames and passwords, credit card numbers, and other personal and financial information.

Methods of Trojan Cimuz-CD and Other Trojans Infection
Most trojans infect your computer by tricking you into running an infected application. This infected application could disguised as a small file, such as a jpeg or other email attachment, or it might be downloaded via a website or FTP.

» Email: Your PC may be infected with a trojan when you download infected email attachments, or sometimes even when you simply open an email. Many trojans exploit security holes in Microsoft Outlook. You may be able to reduce your chances of getting infected by a Trojan by using a spam-blocking software, such as SpamEater Pro.

» Websites: Your PC may be infected with a trojan when you visit a rogue site. Many trojans exploit security holes in Internet Explorer web browser so that by simply visiting a website you may unknowingly download a Trojan.

» Open ports: If your computer runs programs that provide file-sharing functions - such as AOL Instant Messenger (AIM), MSN Messenger, and more - you may open your computer up to vulnerabilities. Using file sharing through these applications may create a network that gives attackers the opportunity to remotely access your computer.

Trojan Cimuz-CD may have infected your PC by through one of those methods. Trojans are some of the most sophisticated and dangerous type of malware, capable of controlling your system. Because of this, it may be best if Trojan Cimuz-CD and Trojans are removed from your computer immediately.

Thanks! I tried removing it as you said in the above post and again it says access denied! It won't let me touch it. Does anyone know of any decent trojan removers? I had a free copy of AVG for a while which was good but my free Norton is rubbish. I was going to invest in new anti-virus/malware software so nows the time. What's the best one to get? Thanks guys.

Jay,

best bet for removing the virus is by booting into safe mode, thats what i do if i ever get a virus, if it still doesnt help you there is a program which you can run which will kill all process but not start a system shutdown allowing you to remove the virus (i had a virus in winlogin.exe once so couldnt remove it while it was active and couldnt close it)

Manchester Minis

Right OK, I tried to remove it in safe mode but it still says the file is in use or full so I can't remove it. I downloaded free software to suspend all processes but I can't see the virus on the list, it just has exe type files and no dlls. I guess next stop is to backup and reformat everything!

NOD 32 is told to be the best anti virus prog.

Running Mcafee Security Suite here, found Nortons abit memory hungry.