
Points to Infection ?


5 replies to this topic

#1 Jove

  • Members
  • 2,739 posts
  • Gender: Male
  • Location: Very South Jersey

Posted 06 November 2008 - 08:21 AM

Good Morning !

The following posts are from the Startup List Forum, please advise. Since this is a search term that cannot be found in the Startup Database, what anti-virus and/or malware program should I be running?
I presently have AVG installed. I ran it (scan last night), but it was still running when I opened this morning, and I turned it off thinking it rescanned through the night; apparently not.
The scan results indicated it was interrupted. I emptied the Virus Vault; I am sorry I did that, as I did not take a concentrated look at what was in there. Is there a log for AVG?

I have Malwarebytes downloaded but it is not installed.

I have a feeling that it is possible the slave drive (E:), recently installed, has viruses and the like in it; this may be a source of infections etc.



=================================================

Posted Image



Posted Image

Similar Message appears at Startup


================================================

Everything I have found points to an infection



================================================

Note: There have been installation modifications concerning language options.
Install Files for East Asian Languages

Edited by Jove, 06 November 2008 - 08:27 AM.

When you don't have to worry about your computer anymore, you can start
living again !

Success is a result, not a goal. . . . Flaubert




#2 Jove

  • Topic Starter

Posted 06 November 2008 - 05:12 PM

I can use some help with AVG scan programs.


AVG program scanning (2) drives, (C:) + (E:), resulting in the following descriptions:

Concerning the connection failure and the component error,
I believe that the update this morning was completed.
The component failure is the email scanner, which I have been told is normal?

Regarding the completed scan (not scanned in Safe Mode):
Clicking "Remove all unhealed infections" I get this:

# 19 Posted Image


As an alternative, when clicking go to file I get this;
I am not getting a lot of meaning out of this.
I know nothing as to what I should do with it ?


# 20 Posted Image



# 21 Posted Image


Can someone tell me how to configure information about infections, etc., so that I can get an idea of what I am dealing with? I saw during the scan that the harmful infections were some type of fake anti-virus files or the like, but I can't find the information on these now that the scan is complete. As I suspected, these were found in the (E:) drive, with tracking cookies; some (3?) tracking cookies were found in the (C:) drive, but the original suspect infection has not been dealt with yet. I was advised to deal with it (wmsncs) using Malwarebytes, and I have located what I would suspect to be this in Auto Run as seen in the first post, i.e. represented in msconfig.



How should I delete this as recommended prior to running Malwarebytes? And is this relative to the three suspect entries in msconfig?


Posted Image


# 17 Posted Image

Edited by Jove, 06 November 2008 - 05:17 PM.



#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender: Male

Posted 06 November 2008 - 05:18 PM

I think you should start by installing and scanning with Malwarebytes.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 Jove


Posted 06 November 2008 - 08:01 PM

I was not able to determine whether what Malwarebytes found was on the (C:) or (E:) drive.

I deleted them using the MBAM command.

The log is posted herein.


# 22 Posted Image


Malwarebytes' Anti-Malware 1.30
Database version: 1370
Windows 5.1.2600 Service Pack 2

11/6/2008 7:37:54 PM
mbam-log-2008-11-06 (19-37-33).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 130554
Time elapsed: 1 hour(s), 18 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86 (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wins Service (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wmsncs Service (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe") Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#5 Budapest


Posted 06 November 2008 - 09:09 PM

Reboot your computer, run the scan again and post the new log.

#6 Jove


Posted 07 November 2008 - 02:32 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1370
Windows 5.1.2600 Service Pack 2

11/7/2008 2:13:41 AM
mbam-log-2008-11-07 (02-13-41).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 113648
Time elapsed: 1 hour(s), 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The original files in question (wmsncs) have changed in status, as revealed herein:

Recent screenshot after mbam scans:


# 23 Posted Image



Previous Screen Shot, before mbam scans

# 17 Posted Image

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert
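
An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the log format posted above. It checks the summary counts against the listed entries, lists detections still marked "No action taken", and compares the first scan with the rescan. The sample text is abbreviated from the two logs in this thread, and all function names are illustrative.

```python
import re
# Constructed samples: detection sections abbreviated from the two logs in this thread.
FIRST_SCAN = r"""Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86 (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wins Service (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wmsncs Service (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe") Good: (Explorer.exe) -> No action taken.
"""
RESCAN = """Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Registry Keys Infected:
(No malicious items detected)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Z][\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam(text):
    """Return (summary counts, detection entries) from an MBAM 1.x text log."""
    counts, found, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m and m["count"] is not None:
            counts[m["name"]] = int(m["count"])   # summary line: "Files Infected: 0"
        elif m:
            section = m["name"]                   # detail header: "Files Infected:"
        elif section and (e := ENTRY.match(line)):
            action = e["rest"].rsplit("-> ", 1)[-1].rstrip(".")
            found.append((section, e["item"], e["threat"], action))
    return counts, found

def counts_match(counts, found):
    """True when every summary count equals the number of entries listed under it."""
    return all(n == sum(1 for f in found if f[0] == s) for s, n in counts.items())

def unresolved(found):
    """Entries the log records as detected but not removed."""
    return [f for f in found if f[3] == "No action taken"]

def cleared(before, after):
    """Items detected in the first scan that no longer appear in the rescan."""
    still = {(s, i) for s, i, _, _ in after}
    return [f[1] for f in before if (f[0], f[1]) not in still]
```
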




