How to completely remove Backdoor.livup (msstart.exe) Trojan-horse by hand
Author: FILSECLAB (Original Article)
Date: 12/23/2003
Remarks: To reprint, please indicates the source from FILSECLAB

Trojan Property
File name: msstart.exe
File size: 139264 Bytes
* Attention: The method mentioned in this article is only suitable for this version of this Trojan. It cannot guarantee that other versions can be removed correctly.

Recently, a lot of users encounter a problem: Some antivirus software can find Backdoor.livup(msstart.exe) Trojan horse, but cannot remove, clear, quarantine or delete it. Or the Trojan can be removed, but it appears again at later time. There has some simple and effective methods to completely remove it, as following:

Method 1:

Registered version of Twister Anti-TrojanVirus can completely remove it (First to update the virus definition is recommended). If you have not this software, you may use following method to manually remove it.

Method 2:

This method is only tested on Windows 2000/XP/2003/NT. But have some difference on Windows 9x/ME, you may also use Twister Anti-TrojanVirus to remove it on Windows 9x/ME.

Step 1: Configure Microsoft Windows Explorer to show all files, because most Virus and Trojan horse can hide itself. If you already did it, you may skip this step.

  1. Click Start, point to Settings, and Control Panel, and then click Folder Options.
  2. In the Folder Options dialog box, click the View tab.
  3. In the Advanced settings box, deselect the Hide protected operating system files (Recommended).
  4. Select the Show hidden files and folders.
  5. Deselect the Hide file extensions for unknown file types.
  6. Click OK to save changes.

Step 2: Press Ctrl+Alt+Del, open Task Manager program, click Processes tab, find msstart.exe process, if found, select it and click End Process to kill it.

Step 3: Go to the folder of SystemRoot\Winnt\System32 (If your Windows NT/2000/XP/2003 installed on driver C: then the folder is C:\Winnt\System32), find msstart.exe and directly delete it. Or you can also search for all of msstart.exe files by using Windows Search feature (WINDOWS+F shortcut key), and delete them all.

At the end of the instructions, if all of the steps are completed correctly, then the Trojan has already been completely removed.

Author: FILSECLAB (Original Article)
Date: 12/23/2003
Remarks: To reprint, please indicates the source from FILSECLAB