Multiple Programs – MSDOS.SYS and MSDOS.PIF

MSDos.sys installs as part of your Windows operating system. It appears in your root folder with hidden, system, and read-only attributes. If you're running WinPatrol 10.0 or later, you'll see this file listed in your hiden files. It is safe and required.

A file called msdos.pif may be described as "MSDOS Security Service" and will appear in your Windows\System or System32 folder. This file installs with the Win32.RBot.ANG worm. This worm spreads across network shares taking advantage of Microsoft's DCOM/RPC, ASN.1 and PNP vulnerabilities. It sets itself to run on system startup and it offers backdoor access via IRC that could let a remote user access your computer. This remote user could install, run or delete files. This worm also installs a keylogger making it possible to steal private information such as login information and credit card numbers.

We'd recommend removing the msdos.pif file using WinPatrol. First, go to your Active Tasks and kill the file there. Next, go to your Startup Programs and remove the file there. If you run WinPatrol 8.x or later, right click the file then select "Delete file on reboot". Reboot your system. We'd also recommend a full system scan with an up to date antivirus program.

Additional background information on this virus can be found at http://www.sophos.com/virusinfo/analyses/w32rbotang.html.

Remove if msdos.pif