How to remove the msconf virus
Most antivirus programs identify msconf.exe as malware, for example Kaspersky identifies it as Backdoor.Win32.SdBot.hcn or Backdoor.Win32.SdBot.hdm, and TrendMicro identifies it as WORM_SDBOT.LE or BKDR_SDBOT.GOY.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.
Msconf.exe file information
Description: msconf.exe is located in the folder C:\Windows\System32.
Known file sizes on Windows 7/XP are 1,301,504 bytes (12% of all occurrences), 1,311,744 bytes and 6 more variants.
There is no information about the author of the file. The program is not visible. The file is located in the Windows folder, but it is not a Windows core file. Msconf.exe is not a Windows system file. Program listens for or sends data on open ports to a LAN or the Internet. The process starts when Windows starts (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run). msconf.exe is able to hide itself, monitor applications and record inputs. Therefore the technical security rating is 98% dangerous.
Recommended: Identify msconf.exe related errors
If msconf.exe is located in C:\, the security rating is 70% dangerous. The file size is 24,576 bytes. There is no description of the program. The program has no visible window. The program is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run). It is not a Windows core file. The application uses ports to connect to a LAN or the Internet.
External information from Paul Collins:
There are different files with the same name:
- "Microsoft Config" definitely not required. Added by the RBOT.PV WORM!
- "Microsoft Config" definitely not required. Added by the RBOT-LG WORM!
Important: Some malware camouflages itself as msconf.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the msconf.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.
Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.
MalwareBytes detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.
SpeedUpMyPC scans, cleans, repairs and optimizes your computer.
vlauto.exe pwmgr.exe leecher.exe msconf.exe tagsrv.exe vncdrv.sys avgascln.sys stgramdiskhandler32.exe flashmute.exe avgfws.exe ereg.ini [all]