msdirectx, connected.5.l, mss.exe

Hi - I have recently (last night) experienced a virus attack associated with connected.5.l, msdirectx.exe and mss.exe. I found this forum site and noticed that there were several reports from distraught victims of this or a similar virus, and some comments on disinfection, none of which was directly relevant to my situation, but which gave me useful insights. So I thought I would post a description of my experience.

I run AVGfree on win2000 professional, both of which are up to date. I started receiving pop-up warnings from avg, probably after downloading some update material for one of my resident programs. AVG reported connected.5.l, and was able to 'heal' or delete the virus, but it continually recurred. I was not aware of any other effects of the presence of this infection.

I found that the immediate culprit was msdirectx.exe, of which there were three copies in different locations on my hard disc. One (in my documents) contiunually recurred after deletion.

After considerable further research I decided that the parent of this file was mss.exe (located in winntsystem32). It could not be deleted because it was in use. I removed it from my start-up list, rebooted, and still could not delete it. So I changed its name and then successfully removed it. I then searched for msdirectx.exe and deleted all instances. AVG has not reported a virus since.

There remain references to both msdirectx.exe and mss.exe in my registry. I am not sufficiently confident about using regedit to tamper with the registry, so perhaps someone can advise me about this aspect of the clean-up.

I hope these notes help anyone else who is troubled by this virus. It does not seem to be well documented, and what I have read about it suggests that there may be several variants with different characteristics (e.g. involving mspg.exe, which was not present on my system).

Cheers -
Andy