
Can't Get Rid Of Msinfnd.exe


14 replies to this topic

#1 duckhead

duckhead

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 06 March 2008 - 05:12 PM

Hi, This auto run thing is killing me. MSInfnd.exe, it's on my usb external hard drive and probably the desktop computer that I use at work. At work we use Trend Micro(it's a corporate set up). I have no control over this.
My home computer uses Zone Alarm Security Suite lic copy.
I have a lic copy of ZASS on a private computer at work that's not tied to the company network.
Both ZASS and Micro have detected and quarantined this thing. I can right click on the file MSInfnd.exe on my usb drive and delete it. Every time I reconnect the usb drive it comes back.

Here is a HJT scan of my work desk top computer........How can I scan my usb drive?
Need help with this. Thanks
Richard.....hope this makes sense.



#2 duckhead


Posted 06 March 2008 - 05:21 PM

Need help with posting HJT log also

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,846 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:31 AM

Posted 07 March 2008 - 10:28 PM

Hello duckhead,

You have a flash drive infection. I have contacted someone familiar with this infection to assist you. Please be patient. Because the HiJack This team is extremely busy, it would be best to disinfect you in this forum, so please do not do anything with HiJack This. If we determine that you do in fact need to go to the HiJack This forum, we will let you know and provide you with the directions. Please be sure to read the response I made to your other topic here: http://www.bleepingcomputer.com/forums/topic135067.htm

In order to assist you better, we need some additional information.

What is your operating system: Windows XP, Vista, etc.?

Do you have any other security programs on your home computer other than Zone Alarm, which I assume is the suite? If so, please name them.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:31 AM

Posted 08 March 2008 - 12:15 AM

Please insert your flash drive before we begin!

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Prevx indicates the filename MSInfnd.exe refers to many versions of an executable program. Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of MSInfnd.exe and submit (upload) it for scanning/analysis.
-- Then post back with the results of the file analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
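
The placeholder folder described in the note above can be told apart from the autorun.inf file an AutoRun worm depends on with a short check. This is an added example, not part of the original posts or of Flash_Disinfector; the function names, the sample autorun.inf content and the temporary directory standing in for a drive root are constructed for illustration.

```python
import ntpath
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
# Constructed sample, not taken from the infected drive in this thread.
SAMPLE = ("; padding\r\nxk39fj2\r\n[AutoRun]\r\nOpen=MSInfnd.exe\r\n"
          "shell\\open\\Command=MSInfnd.exe\r\nicon=folder.ico\r\n")

def parse_autorun(text):
    """Return (key, command) pairs from [autorun], skipping junk lines."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def triage_drive(root):
    """Classify autorun.inf at a drive root: absent, folder, or file."""
    names = os.listdir(root)
    entry = next((n for n in names if n.lower() == "autorun.inf"), None)
    if entry is None:
        return {"state": "absent", "launch": [], "on_drive": []}
    path = os.path.join(root, entry)
    if os.path.isdir(path):  # the placeholder folder, not a launch file
        return {"state": "folder", "launch": [], "on_drive": []}
    with open(path, encoding="latin-1") as fh:
        launch = parse_autorun(fh.read())
    # Program name = first token of each command, without any path.
    wanted = {ntpath.basename(c.split()[0].strip('"')).lower() for _, c in launch if c}
    return {"state": "file", "launch": launch,
            "on_drive": sorted(n for n in names if n.lower() in wanted)}

def demo():
    """Build a constructed drive root in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", newline="") as fh:
            fh.write(SAMPLE)
        open(os.path.join(root, "MSInfnd.exe"), "wb").close()
        return triage_drive(root)

if __name__ == "__main__":
    print(demo())
```

A result of "file" with a non-empty "on_drive" list means the drive still carries both the launch entry and the program it points to; "folder" is the state left behind by the disinfector.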

#5 duckhead


Posted 10 March 2008 - 05:30 PM

Thanks for the reply,
I will do the flash disinfector thing soon. I am at work right now, but have my external hard drive with me and
a lic copy of ZASS installed on the computer that I use at work.
My operating system at home is XP Home Edition, ZASS is the only security system installed.
I work on an offshore drilling rig, so my time to do this will be limited.
I will post the results soon. Please bear with me,
thanks

#6 duckhead


Posted 11 March 2008 - 02:31 AM

Hi Quietman7,
I performed the scan with Flash Disinfector.
Then went to virustotal to scan the file.
Could not find Msinfnd.exe when doing a search of either the usb drive or the desk top.
Called it quits for the night, and let ZASS perform a deep scan of all drives while I was sleeping.
It shows to have quarantined Msinfnd.exe & Win32.Autorun.bco
Should I pull them out of quarantine and re-do the steps?
Thanks, Richard

#7 duckhead


Posted 11 March 2008 - 03:35 AM

Still could not find the file name on my external HDD, however I did find it on my 512MB thumb drive and here is the log.



Scan taken on 11 Mar 2008 08:27:35 (GMT)
  • A-Squared: Found nothing
  • AntiVir: Found TR/Downloader.Gen
  • ArcaVir: Found nothing
  • Avast: Found nothing
  • AVG Antivirus: Found nothing
  • BitDefender: Found nothing
  • ClamAV: Found nothing
  • CPsecure: Found nothing
  • Dr.Web: Found nothing
  • F-Prot Antivirus: Found nothing
  • F-Secure Anti-Virus: Found Worm.Win32.AutoRun.bco
  • Fortinet: Found nothing
  • Ikarus: Found nothing
  • Kaspersky Anti-Virus: Found Worm.Win32.AutoRun.bco
  • NOD32: Found nothing
  • Norman Virus Control: Found nothing
  • Panda Antivirus: Found nothing
  • Rising Antivirus: Found nothing
  • Sophos Antivirus: Found nothing
  • VirusBuster: Found nothing
  • VBA32: Found nothing

#8 quietman7


Posted 11 March 2008 - 08:20 AM

Still could not find the file name on my external HDD, however I did find it on my 512MB thumb drive

That's how your pc got infected in the first place but it looks like you've been able to take care of that part.

Did you insert your flash drive before running Flash_Disinfector.exe? If not, do so and continue as follows:

Reboot your computer in "Safe Mode" or "Safe Mode With Command Prompt" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode With Command Prompt".
  • Go to Start > Run and type: cmd
  • press Ok.
  • At the command prompt, type in your primary drive location, usually C:
  • Hit Enter. (It's probably already been removed but we are double-checking)
  • Type: attrib MSInfnd.* -s -h -r -a
  • Hit Enter.
  • Type: dir /s MSInfnd.exe
  • Hit Enter.
  • If the file is present, type: del MSInfnd.exe
  • Hit Enter.
  • Repeat the above commands for each drive on your computer including your flash/usb drive.
  • Exit the command prompt and reboot normally.
When done, check for and remove any Startup RUN values related to MSInfnd.exe by downloading and using Autoruns.

#9 duckhead


Posted 11 March 2008 - 09:31 PM

I will perform these just as soon as I can.

In the meantime, I scanned both my flash drive and my USB HDD with Trend Micro which is on my desktop at work.

Flashdrive results= no viruses found, however I can see the file MSInfnd.exe as a hidden file

USB HDD= I can't see the hidden file, but scan results = 6 different registry locations of the Worm_Autorun.bx virus
The file path is the System Volume Information restore with a bunch of letters and numbers behind each occurrence

thanks for your help so far
i will post when I get the steps done

#10 duckhead


Posted 14 March 2008 - 04:49 AM

I performed the steps in safe mode. After typing attrib MSInfnd.* -s -h -r -a
File not found message was rcvd.
Same results with the USB HDD and the desk top at work.
I can not perform these on my home system for 2 more weeks. I am still out of the country on business.
I found 1 related value and deleted the MSInfnd.exe file thru AUTORUNS on both drives.

#11 quietman7


Posted 14 March 2008 - 07:07 AM

File not found message was rcvd.
Same results with the USB HDD and the desk top at work.

Sounds like the file was already removed then. I provided you with instructions to search for and remove if still present.

#12 duckhead


Posted 14 March 2008 - 03:31 PM

Quietman7,

thanks for the help. i will perform these steps on my desk top at home when i ever get there.
if i have any prob's at that point, i'll just repost a new topic.

thanks again, duckhead

#13 Orange Blossom


Posted 14 March 2008 - 07:21 PM

The file path is the System Volume Information restore with a bunch of letters and numbers behind each occurrence


Hello duckhead,

System Volume Restore is the file location that the computer uses to restore the computer to a previous working state. The files in question are not active, unless you roll back to an earlier state. Therefore, what we do is to flush the restore points. This will eliminate those files.

To prevent possible reinfection, let's flush the restore points.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point. Note, with XP Home edition, disk cleanup will begin running immediately. It is calculating the amount of space that will be saved. Let it finish, then click on the Options tab on the small window that pops up to complete the steps.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Orange Blossom :thumbsup:

#14 duckhead


Posted 14 March 2008 - 09:42 PM

Hi Orange Blossom,

thanks for the info, i have already done the restore thing u mentioned. so far so good.

thanks again to all. i hope this puppy is put to bed.
regards, Duckhead

#15 quietman7


Posted 15 March 2008 - 06:48 AM

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1 & Part 2".
"IE Recommended Minimal Security Settings".



