Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Term Not Found


  • Please log in to reply
26 replies to this topic

#1 Jove

Jove

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 05 November 2008 - 12:07 PM

Posted Image



Posted Image

Similar Message appears at Startup

Edited by Jove, 05 November 2008 - 12:10 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:37 PM

Posted 05 November 2008 - 09:20 PM

Everything I have found points to an infection
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 05 November 2008 - 10:58 PM

Hey, Thank you man !

I have AVG and Malwarebytes on board, . . will that do, are they good for safe mode ?

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,612 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:37 PM

Posted 06 November 2008 - 11:06 AM

Agreed, looks like an infection. Delete the run entry in autoruns.

MBAM is a good for the arsenal. No comment on AVG as I do not use it. I use AVAST.

#5 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 06 November 2008 - 12:24 PM

Grinler,


I have a feeling that it is possible the, slave drive (E:), recently installed has virus's and the like in it, this may be a source of infections etc.

I am posting the A-R Screen Shot, for verified affirmation, I want to be sure I am doing this right as I have never deleted from auto run, there were three entrees in the msconfig ?, what about those ? Will Malware bytes run in the Safe Mode ?

Also from the message screen shot in original post mentions font, I did install modification in Language Options, i.e., install files for East Asian language, this may or may not be pertinent ?

Thanks much for your help.

Posted Image

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,612 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:37 PM

Posted 11 November 2008 - 09:38 AM

I would not touch any of the items in the screen shot above. Just remove the run entry associated with C:\Windows\Fonts\wmsncs.exe

#7 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 11 November 2008 - 06:30 PM

Grinler,

Thanks for the double check, I think I made a mistake on that screen shot, . .

I am pretty sure I or we are talking about the "wmsncs" file as seen in the next screen shot as
it presently appears in the utility configuration, the thing is, I am also trying to say after running the mbam scan there is still two remaining entrys'

When I go to Auto Runs and search, "wmsncs", I get what you see in the second screen shot.

I am assuming that if this is the, "wmsncs", file I should uncheck it ?

Can you tell me will this then take care, (automatically delete), the entry's of this file in the msconfig ?

# 31 Posted Image


# 34 Posted Image

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#8 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 11 November 2008 - 08:27 PM

I would like to wait for your answer to my last reply before I do anything else.

When I get this resolved , unfortunately as usual there is more, . .

I'd like you to look at this and tell me what I have here ?

This,#31 "msmsgs" as in msconfig, "C:Program Files\Mes" is listed in the Startup List,
Full first page all, "Bad" excepting for one entry. As I view this in the Auto Runs Program
# 33 there is a single listing, first I am trying to determine is mine is a, "bad file" and I wanted to know
why is there only one entry in each, msconfig and Auto Runs, compared to a file like, "TINTSETP",
which has two entry's, when I have the search results for, "msmsgs" and there is a page full of these files,
# 32 ?


#31-01 Posted Image


# 32 Posted Image


# 33 Posted Image

Edited by Jove, 11 November 2008 - 08:36 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:37 PM

Posted 13 November 2008 - 09:16 PM

Jove,

I think you need to ask these kinds of questions on the Am I Infected forum.

It seems that you have some malware there, and I'm assuming you have PC problems.

Post to the above forum and someone will help you scan and remove everything that might be causing you problems.

All the best,

m0le
Posted Image
m0le is a proud member of UNITE

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,612 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:37 PM

Posted 14 November 2008 - 09:56 AM

You cant look at the startup database by filename only. IN order to determine if your file is the same as the startup database listing, you need to look at the filename, the location of the file, and the name it appears in the registry. If any of these are different then what are shown in the startup database, you should assume it is a different file and possibly legitimate.

As for wmsncs, find their entries in autoruns and right click and delete them. For regular apps, do not use autoruns to delete the entries. Instead disable the autorun via the programs settings.

#11 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 14 November 2008 - 12:03 PM

I'm sorry, this file seems to keep jumping around when I search it, this time it showed up as,
NvidMediaCen.. Files not found C: program.

Previously Post # 7 Fig. 34 ?

Can you tell me what to do ? Why is mbam is not solving this ?

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,612 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:37 PM

Posted 15 November 2008 - 10:21 PM

At this point I would suggest you follow the prep guide in the hjt forum. If filenames keep changing, then you may have an active malware infeciton.

#13 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 16 November 2008 - 10:48 AM

That's a good idea, Thank you.

Before I proceed to the Final steps of doing the HJT report, I have a question.

I have a Drive (E:) installed as a slave drive, it is very possible this may also have some malware or infections,
on that drive I have Spybot S&D, installed, I thought about using it the other day because I do not have it installed on drive (C:), master drive, however, I have not found where it scans individual or combined drives. So, there is a question of Can I use this as it is on the slave drive?

Will I need to re-install SB on the master OS ?

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#14 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:37 PM

Posted 16 November 2008 - 01:34 PM

Little Problem with AAW ; as follows;

Posted Image

Please advise as to what I can do about this.

Edited by Jove, 16 November 2008 - 01:37 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#15 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:10:37 PM

Posted 16 November 2008 - 02:46 PM

It looks like the file is corrupt. Try downloading the file again or downloading from another system and moving the file to the infected system.
Regards,

Alan.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users