Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MSMSGS Entries Found


  • Please log in to reply
8 replies to this topic

#1 Jove

Jove

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:50 PM

Posted 04 February 2009 - 10:23 PM


It says it's a Microsoft Corporation folder but if it were safe, . . . the
file name, etc. is not listed in the BC Start UP Data File List? Correct ?



Information:


In Systems Configuration Utility



Note; Startup Item(msmsgs), is in lower case;

Can you tell me why this is in Uppercase else where, like in the Spybot System Startup list ?

Startup Item Command Location

msmsgs "C:\Program Files\CO HKLM\SOFTWARE\Microsoft|Windows\CurrentVer


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


In Spybot

Note: The copy and Paste to Clipboard, (from Spybot), only provided one entry for MSMSG there are, (2), these seem to be the same file in two different locations since there size, etc. are the same ? It say where but it also says Located?


Located: HK_CU:Run, MSMSGS
where: S-1-5-21-2564294346-4179051517-1260927497-1005...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2



Located: HK_CU:Run, MSMSGS
where: PE_C_OWNER...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2


How can I tell if this is legitimate or not, . .

the file name here per Spybot is, (C:\Program Files\Messenger\msmsgs.exe), however the only,
one that is not marked with a, "Red" "X" is the one with the file name
"msmsgs.exe", does this mean I have an entry that is not legitimate?

Reason I'm asking is because Autoruns has provided the following:

MSMSGSWindows Messenger Microsoft Corporation
c:\program files\messenger\msmsgs.exe




It says it's a Microsoft Corporation folder but if it were safe, . . . the
file name, etc. is not listed in the BC Start UP Data File List?

Edited by Jove, 04 February 2009 - 10:27 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 07 February 2009 - 10:27 PM

The BC Startup list is not exhaustive - that is, it does not contain all possible files. If you are worried about a particular file you could upload it at Jotti for analysis.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:50 PM

Posted 08 February 2009 - 12:30 PM

Thank you Budapest,

I knew there was that site but for my life I could not remember or find it, goes to show you,

there is a certain amount of confusion in my life, . . I appreciate your help here, I will Jot down

the Jotti site and keep it in a safe place !

Edited by Jove, 08 February 2009 - 12:31 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:50 PM

Posted 08 February 2009 - 12:46 PM

http://www.sysinfo.org/startuplist.php?filter=msmsgs.exe

Just another reason why I don't use the program, I remove it in add/remove windows components
Chewy

No. Try not. Do... or do not. There is no try.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:50 PM

Posted 08 February 2009 - 12:47 PM

http://virusscan.jotti.org/

Jotti's malware scan


I also agree with DaChew.

Edited by boopme, 08 February 2009 - 12:48 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:50 PM

Posted 08 February 2009 - 03:25 PM

Budapest,

Your Alright !!!


"A man is only as Good as his Tools"

I feel like I have a pretty darn good tool !


an taken on 08 Feb 2009 19:44:57 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#7 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:50 PM

Posted 09 February 2009 - 12:56 AM

I'm looking for ;

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated

as I would like to check this file also, I have not been able to find it in the Start Up List,

but it appears in the Spybot System Startup list as above,

I searched WinLogon, the results are difficult to determine but I can not find the WinLogon folder anywhere.

In checking one of the search result locations I find that the file C:\WINDOWS| $ntservicepackuninstall$ is located in the Windows Folder, this Folder has many folders in it,
what do I do start checking folders or should the search be more precise, I guess I am not on it ?

I mean it found the folder it is in, . . there are no other search options are there ?

Edited by Jove, 09 February 2009 - 01:22 AM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:50 PM

Posted 09 February 2009 - 04:29 AM

http://en.wikipedia.org/wiki/Winlogon

This is very complicated, I take it "on faith"

the file is only part of the process

I have 4 copies of crypt32.dll, the one in system 32 is the important one, the rest are backups for reinstalling/repairing or uninstalling like a service pack
Chewy

No. Try not. Do... or do not. There is no try.

#9 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:50 PM

Posted 09 February 2009 - 12:38 PM

I take your word for it, thanks Chewy.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users