Ours actually had 2 d's. It is msddll.exe, but there is also a msdll.exe out there as well. It appears to shut down the ability to launch a web browser. Didn't matter if it was IE6, IE7 or FireFox. Also, it prevents your security agent service from running. As Jon said, their virus programmers worked live with me and anybody running LightSpeed should have the update pushed out tonight. Another irritating thing about this virus is that we'll have to go around and stop the msddll service from running on the machines that have already been infected and then run the security agent to remove the virus, followed up with a little registry work:
Navigate in REGEDIT to the following key and delete it after disabling the service. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msddll Still waiting on a response for how we obtained this little treat before the end of the semester or if they can tell which user it may have come through (probably our principal!) Craig Rowedder Technology Support Technician Asst. Football & Track Coach Jefferson-Scranton Comm. Schools East Greene Comm. Schools ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of JON HUESER Sent: Friday, January 09, 2009 7:33 PM To: [email protected] Subject: [info-tech] New virus We just spent 5 days fighting a new virus in our network and craig spent the evening working with lightspeed to get a signature of it. Lightspeed will up it in a new update that will come out by 8:00 tonight. If you have a windows machine and it works fine but you can't get internet to work, look in the services and see if a msdll.exe is running. If it is, it is a new virus that came out around January 1st. We also found it it stops anti-virus programs from running. You have to disable the msdll.exe service then you can stop it from running in the task manager. Talk to your anti-virus people to figure out how to remove it if they don't have it as a signature yet. Just giving everybody a heads up, don't tell me that Macs won't have that problem, blah, blah, blah! Just glad we found it after fighting with my network for 5 days at the end of the semester so teachers couldn't get grades updated. Thanks! Jon W. Hueser- MSE, Ed. S MS/HS Principal Technology Director East Greene CSD 405 12th Street South Grand Junction, IA 50107 515-738-2411 x241 Fax: 515-738-5719
