I'll just update everyone...
There are NO LONGER msg### files.
It morphed yesterday.
They are using random names now, and much worse!
The (msg) find will find some of the old files that
are no longer active...
Go to regedit (regedt32 in 2K)
Expand:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian <-
*Make a note of the file name there, in System32.
Right-click (top menu>permissions in 2K)>
permissions, uncheck box: "Allow inheritable permissions"..
Hit ok, and REMOVE on next prompt.
-Restart computer!
Find and delete the <file> that was in that key
along with its companion from System32:
<file name>.cpy.dll
Go back to registry editor>recheck the permissions box on
that key, right click>
Delete the 'Guardian' folder.
Run SpyBot+Ad-Aware to remove the rest of
the keys+files.
***NOTE: In addition to that they 'hacked' the main
System account of the entire Administration group!
Some functions (as per the error above) will no longer
work on the system even AFTER the cr@p is gone!
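
The registry check from the steps above, as an added read-only PowerShell example that is not part of the original post: it lists every subkey under Winlogon\Notify (not only Guardian) with the DLL it names and whether a .cpy.dll companion sits beside it. It assumes the file name is stored in each subkey's DllName value and that PowerShell is available on the machine; both spellings of the companion name are checked because the post does not say which one applies.

```powershell
# Added example: read-only listing of Winlogon notification packages (changes nothing).
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$system32  = Join-Path $env:SystemRoot 'System32'

if (-not (Test-Path $notifyKey)) {
    Write-Output "Key not present: $notifyKey"
} else {
    Get-ChildItem -Path $notifyKey | ForEach-Object {
        $name = $_.PSChildName
        # Assumption: the package's DLL is recorded in the DllName value.
        $dll = (Get-ItemProperty -Path $_.PSPath).DllName

        $path = $null; $exists = $false; $company = $null; $written = $null
        $companions = @()
        if ($dll) {
            # A bare file name is taken to live in System32, as in the post.
            if ([IO.Path]::IsPathRooted($dll)) { $path = $dll }
            else { $path = Join-Path $system32 $dll }

            if (Test-Path -LiteralPath $path) {
                $exists  = $true
                $item    = Get-Item -LiteralPath $path -Force   # -Force: hidden files too
                $company = $item.VersionInfo.CompanyName
                $written = $item.LastWriteTime
            }
            # Assumption: "<file name>.cpy.dll" may mean abc.dll.cpy.dll or abc.cpy.dll.
            $dir  = Split-Path -Parent $path
            $leaf = Split-Path -Leaf $path
            $base = [IO.Path]::GetFileNameWithoutExtension($leaf)
            $companions = @("$leaf.cpy.dll", "$base.cpy.dll") |
                ForEach-Object { Join-Path $dir $_ } |
                Where-Object { Test-Path -LiteralPath $_ }
        }

        New-Object PSObject -Property @{
            Subkey = $name; DllName = $dll; Path = $path; Exists = $exists
            Company = $company; LastWrite = $written
            Companion = ($companions -join '; ')
        }
    } | Select-Object Subkey, DllName, Path, Exists, Company, LastWrite, Companion |
        Format-List
}
```

An entry with a non-empty Companion field, or one whose DLL has no company name and a recent write time, is the one to compare against the file name noted from the Guardian key.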