
Msnapi.dll Virus On Startup


3 replies to this topic

#1 PornNChicken


Posted 17 January 2008 - 02:22 PM

Avast 4.7 finds and deletes this file on every startup. Any idea where it is coming from? No virus scan has found the culprit. I mean it hits before I can even connect to the net. Anyone?

Edited by PornNChicken, 18 January 2008 - 04:00 AM.



#2 usasma


Posted 17 January 2008 - 02:41 PM

Could it be a false positive? Have you submitted the file to a place like http://virusscan.jotti.org/ for analysis?

Could it be a protected file that's become corrupted - and restoring it out of the DLLCache is just restoring the corrupted file?
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
If you need a more detailed explanation, please ask for it. I have the Knack.
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 PornNChicken


Posted 18 January 2008 - 04:32 AM


File: msnapi.dll
Status: INFECTED/MALWARE
MD5: aed91fed2273706470eac3bdb7fe51e7
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 18 Jan 2008 09:20:42 (GMT)
A-Squared Found nothing
AntiVir Found BDS/Delf.LI.3
ArcaVir Found Trojan.Delf.Li
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found Backdoor.Delf.HLC
ClamAV Found Virtool.DllInjector.Hook-1
CPsecure Found W32.Email.W.Pacrac
Dr.Web Found BackDoor.Singu
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.Delf.li
Fortinet Found nothing
Ikarus Found Backdoor.Win32.Delf.LI
Kaspersky Anti-Virus Found Backdoor.Win32.Delf.li
NOD32 Found Win32/Delf.LI
Norman Virus Control Found W32/Delf.WU
Panda Antivirus Found Bck/Iroffer.BG
Rising Antivirus Found Backdoor.Delf.qu
Sophos Antivirus Found Troj/Nucbot-A
VirusBuster Found Backdoor.Delf.VB
VBA32 Found nothing
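
Added example (not part of the original posts): a short Python tally of the scan report above, giving the detection ratio and the family token most engines agree on, which is one way to weigh a false-positive question against multi-scanner output. The `GENERIC` prefix list and the length cutoff used to drop variant suffixes are assumptions of this sketch.

```python
import re
from collections import Counter
# Scanner lines copied from the report pasted in post #3 of this thread.
REPORT = """\
A-Squared Found nothing
AntiVir Found BDS/Delf.LI.3
ArcaVir Found Trojan.Delf.Li
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found Backdoor.Delf.HLC
ClamAV Found Virtool.DllInjector.Hook-1
CPsecure Found W32.Email.W.Pacrac
Dr.Web Found BackDoor.Singu
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.Delf.li
Fortinet Found nothing
Ikarus Found Backdoor.Win32.Delf.LI
Kaspersky Anti-Virus Found Backdoor.Win32.Delf.li
NOD32 Found Win32/Delf.LI
Norman Virus Control Found W32/Delf.WU
Panda Antivirus Found Bck/Iroffer.BG
Rising Antivirus Found Backdoor.Delf.qu
Sophos Antivirus Found Troj/Nucbot-A
VirusBuster Found Backdoor.Delf.VB
VBA32 Found nothing
"""
# Assumption: these tokens are type/platform prefixes, not family names.
GENERIC = {"win32", "trojan", "troj", "backdoor", "virtool", "other", "email"}

def parse_report(text):
    """Map scanner name -> label (None when the engine found nothing)."""
    results = {}
    for line in text.splitlines():
        scanner, sep, label = line.strip().partition(" Found ")
        if sep:  # skip lines without " Found " (headers, blanks)
            results[scanner] = None if label == "nothing" else label
    return results

def summarize(text):
    """Detection ratio plus the family token most engines agree on."""
    results, votes = parse_report(text), Counter()
    for label in filter(None, results.values()):
        # One vote per engine per token; tokens of 3 chars or fewer are dropped.
        votes.update({t for t in re.split(r"[^a-z0-9]+", label.lower())
                      if len(t) > 3 and t not in GENERIC})
    family, count = votes.most_common(1)[0] if votes else (None, 0)
    return {"detections": sum(1 for v in results.values() if v),
            "scanners": len(results), "top_family": family,
            "top_family_votes": count}
```

Calling `summarize(REPORT)` on this report gives 16 of 21 engines detecting, with `delf` the token named by the most engines (10).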

#4 usasma


Posted 18 January 2008 - 07:11 AM

Yep, it's a baddie all right! :thumbsup:

Here are the instructions at Sophos for removing it: http://www.sophos.com/virusinfo/analyses/trojnucbota.html
BUT, I'm really not well-versed with virus removal, so I'd have to suggest that you post in this forum for some more expert help: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/



