Can anybody help please? On switching my PC on, the desktop page appears ok, but bearing the following messages:

First: ''Cannot find 'msinfo.exe' (or one of its components). Make sure the path and filename are correct and all required libraries are available.''

On clicking 'ok' up comes: ''Could not load or run 'msinfo.exe specified in the WIN.INI file. Make sure the file exists on your computer or remove the reference to it in the WIN.INI file.''

I am running Windows 98 (SE) on a Dell Dimension XPS T600R PIII 128MB SDRAM memory and a 13.6GB ATA Ultra Hard Drive (7200RPM). The sound card is a 32MB nVIDIA GeFORCE 256 AGP Card. I have the original Windows CDs.

I have no idea how this came about, but I am not the only one in the family to use the machine - I just pay the bills! My computer skills are very basic, so if you may be able to help, please make any instructions explicit.

Many thanks to all who have taken the time to read this.
Cheers,
mcdhu

Careful here!!!!

"Msinfo.exe" is a trojan browser hijacker.

Most virus checker do not catch this...read
here (http://www.annoyances.org/exec/forum/win95/n1062710619)

CoolWebSearch Hijack see here (http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder) (variant 9). Download and run cwshredder from the bottom of the page. Do a web search on msinfo.exe and CoolWebSearch if you want more details.

mcdhu,

I would suggest that you perform an online scan of your computer with:

Trend Micro's HouseCall (http://housecall.trendmicro.com/)

Just to make sure you do not have any more viruses on your computer.

Take Care,

Richard

Many thanks to you Nightrider, Orac and Richard. I did as you suggested and, between them, they seem to have done the trick.

Trend Micro's Housecall found something called ''TROJ SMALL.J'' which it deemed ''not cleanable'' in C:/dload.exe*C:/dload.exe* - whatever that all means. It suggested that I delete it which I have now done and the 'startup' symptoms mentioned above seem to have gone away.

I am mystified why my Norton kit didn't find it on a full scan. Should I be changing provider perhaps?

Again, many thanks and happy landings - CFU tonight!!!

mcdhu

mcdhu,

The reason I mention the online scan is because the payload of some viruses is to disable your Anti Virus program. With the online scan we at know we are getting one good scan of your computer.

Take Care,

Richard

Naples, great call. My firewall often catches msinfo.exe trying to pass info out of my machine; I thought it was some sort of MS software checking on registration, etc. However, I have just run Housecall and within seconds got this message:

'Housecall has found and cleaned a malware BKDR_SDBOT.M'

[Whatever that means...]

Thanks for the tip

FJJP :ok:

FJJP,

BKDR_SDBOT.M is backdoor program allows a remote user to access and control the infected system via Internet Relay Chat (IRC).

Through the IRC channel, the malicious user can send commands to the backdoor to process on the infected system, leaving the system compromised.

The good news about that program is that it is NOT Destructive, so your computer programs and operating system should be intact. The bad news is that it is a backdoor program that allows the user not only to control your computer, but to also access any and all of your data.

Take Care,

Richard

I go away for a few days only to find on start up:

'Cannot find the file'info32.exe' (or one of its components). Make sure the path and filename are correct and that all required libraries are available.''

On clicking 'OK', appears:

'Could not load or run 'info32.exe' specified in the WIN.INI file. Make sure the file exists on your computer ot remove the reference to it in the WIN.INI file'.

The computer runs fine - system details as above. A Norton scan reveals nothing; neither does Richard's Trend Micro Housecall. Also ran CW Shredder.

Can anyone shed any light on this. Please keep any instructions simple!

Many thanks,
mcdhu

Backdoor Trojan (http://vil.nai.com/vil/content/v_98594.htm)

The fact that info32.exe is missing is good news, the trojan is gone. Whatever you used to clean it didn't quite finish the job though as there is still a reference in the win.ini file (run=info32.exe). You need to remove references in WIN.INI and/or SYSTEM.INI and/or registry for final clean-up measures. Just edit win.ini and delete the above line ONLY, and see if the message goes away.

Then find out who in the household keeps loading these things and smack 'em good.

Thanks all, the CWShredder seems finally to have done the trick.

The only remaining anomaly seems to be on start up when the 'black' page says, among other things, some thing like 'Memory manager not found', but it doesn't stay still for long enough for me to copy it and the 2 other lines down!

On the other hand, before all this I had a 'Runtime Error' on shutdown which seems to have disappeared. I guess every cloud has a silver lining! AOL Parental controls now in force!

Cheers all,
mcdhu