MSXMIDI.EXE not found in registry

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I always receive the following 2 messages during system startup (Windows XP
Media Edition). This has been happening for the past year (I'm just now
having time to address the problems). I think this started last year after
updating my firewall and virus protection and running a subsequent scan. I'm
just an average user so I have limited knowledge of Windows programs but can
follow explicit instructions.

Window heading reads 'C:\WINDOWS\System32\services\msxmidi.exe' then below -
"Windows cannot find 'C:\WINDOWS\System32\services\msxmidi.exe'. Make sure
you typed the name correctly, and then try again. To search for a file,
click the Start button, and then click Search."

After pressing "OK" the window changes to the following message (window
heading reads 'Desktop' then) - "Could not load or run
'C:|WINDOWS\System32\services\msxmidi.exe' specified in the registry. Make
sure the file exists on your computer or remove the reference to it in the
registry."

I already found the following information describing msxmidi.exe -
"CoolWebSearch parasite variant, identified by Kaspersky_antivirus as
TrojanDropper.Win32.Small.cw" but can find nothing about how to remove the
reference in the Registry.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

GlennR wrote:
> I always receive the following 2 messages during system startup (Windows XP
> Media Edition). This has been happening for the past year (I'm just now
> having time to address the problems). I think this started last year after
> updating my firewall and virus protection and running a subsequent scan. I'm
> just an average user so I have limited knowledge of Windows programs but can
> follow explicit instructions.
>
> Window heading reads 'C:\WINDOWS\System32\services\msxmidi.exe' then below -
> "Windows cannot find 'C:\WINDOWS\System32\services\msxmidi.exe'. Make sure
> you typed the name correctly, and then try again. To search for a file,
> click the Start button, and then click Search."
>
> After pressing "OK" the window changes to the following message (window
> heading reads 'Desktop' then) - "Could not load or run
> 'C:|WINDOWS\System32\services\msxmidi.exe' specified in the registry. Make
> sure the file exists on your computer or remove the reference to it in the
> registry."
>
> I already found the following information describing msxmidi.exe -
> "CoolWebSearch parasite variant, identified by Kaspersky_antivirus as
> TrojanDropper.Win32.Small.cw" but can find nothing about how to remove the
> reference in the Registry.
>

A good program to remove such malware is HijackThis. Word of caution
though... You will need to have a good understanding of your registy
settings. Do not delete anything unless you are sure you know what it is...

Download and run HijackThis from:
http://www.download.com/HijackThis/3000-8022_4-10227353.html

If you need help with this, post the log file after you run the program.

Regards,
Derek Sowa

 

[Malke]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Derek Sowa wrote:

> GlennR wrote:
>> I always receive the following 2 messages during system startup
>> (Windows XP
>> Media Edition). This has been happening for the past year (I'm just
>> now
>> having time to address the problems). I think this started last year
>> after
>> updating my firewall and virus protection and running a subsequent
>> scan. I'm just an average user so I have limited knowledge of
>> Windows programs but can follow explicit instructions.
>>
>> Window heading reads 'C:\WINDOWS\System32\services\msxmidi.exe' then
>> below -
>> "Windows cannot find 'C:\WINDOWS\System32\services\msxmidi.exe'.
>> Make sure
>> you typed the name correctly, and then try again. To search for a
>> file, click the Start button, and then click Search."
>>
>> After pressing "OK" the window changes to the following message
>> (window heading reads 'Desktop' then) - "Could not load or run
>> 'C:|WINDOWS\System32\services\msxmidi.exe' specified in the registry.
>> Make sure the file exists on your computer or remove the reference
>> to it in the registry."
>>
>> I already found the following information describing msxmidi.exe -
>> "CoolWebSearch parasite variant, identified by Kaspersky_antivirus as
>> TrojanDropper.Win32.Small.cw" but can find nothing about how to
>> remove the reference in the Registry.
>>
>
> A good program to remove such malware is HijackThis. Word of caution
> though... You will need to have a good understanding of your registy
> settings. Do not delete anything unless you are sure you know what it
> is...
>
> Download and run HijackThis from:
> http://www.download.com/HijackThis/3000-8022_4-10227353.html
>
> If you need help with this, post the log file after you run the
> program.
>
> Regards,
> Derek Sowa

Actually, we request that posters *not* post their HijackThis logs in
the MS newsgroups. It takes a lot of time and skill to properly analyze
a HJT log and the OP will not get that here. There are special forums
set up specifically for the purpose of having experts look at
HijackThis logs. Here are a few:

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

I particularly like the AumHa forum, but all of the above are good. Pick
*one*. Make sure to read the forum's posting rules first.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User