Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


msn_virus_remover.exe (??!!) HELP!

  • Please log in to reply
5 replies to this topic

#1 annieandrews


  • Members
  • 2 posts
  • Local time:08:25 PM

Posted 09 August 2009 - 07:35 AM

I received one of those MSN Fotos virus mail from my friend and had opened the link in the mail. I was afraid my system might have been infected. So looked for help in the online forums.

I tumbled across a forum where they advised to run the following MSN Virus remover tool (MSN_VIRUS_REMOVER.EXE) from www.msnvirusremoval.com

But when i ran the exe, it seemed suspicious and did nothing!! Has anybody else seen the same behavior?

After a little more looking around it appears that MSN_VIRUS_REMOVER.EXE is a malicious software and I am afraid I must have infected my system!! :thumbsup:

The info about this malicious s/w is here:

I ran my MCAfee antivirus but it did not detect anything! PLEASE PLEASE HELP! :flowers: Will restoring my system to a previous RESTORE POINT help me in getting rid of this virus/malicious software/malware?

Edited by annieandrews, 09 August 2009 - 08:02 AM.

BC AdBot (Login to Remove)


#2 nitty


  • Members
  • 45 posts
  • Local time:08:25 PM

Posted 09 August 2009 - 08:10 AM

Scan your Pc with Hijackthis:
  • Please download: HijackThis Installer to your Desktop.
  • Double Click the HijackThis icon.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the licence agreement.
  • Now, select Do a system scan and save a logfile.
  • A Notepad document will open. Please post the contents of that document.
  • Also follow the other instructions in the Forum FAQ.

Also I would wanned to see what will mbam find:
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • 2)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

#3 snowdrop


  • Members
  • 513 posts
  • Local time:08:25 PM

Posted 09 August 2009 - 08:24 AM


Would you please only run the Malwarebytes program and post its report for someone to check for you :thumbsup:

#4 annieandrews

  • Topic Starter

  • Members
  • 2 posts
  • Local time:08:25 PM

Posted 09 August 2009 - 01:43 PM

Thanks Nitty & Snowdrop for your prompt replies! Appreciate the help.

I ran the Malwarbytes program as advised & following is the log. Looks like there were no malicious items detected. I did run an update on the program before running the scan.

Please advise.....Thanks! :thumbsup:


Malwarebytes' Anti-Malware 1.40
Database version: 2586
Windows 5.1.2600 Service Pack 2

8/10/2009 12:05:20 AM
mbam-log-2009-08-10 (00-05-20).txt

Scan type: Quick Scan
Objects scanned: 101624
Time elapsed: 12 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 snowdrop


  • Members
  • 513 posts
  • Local time:08:25 PM

Posted 09 August 2009 - 02:11 PM

That seems clean :thumbsup: Can you update it, reboot and maybe run a full system scan ? see if that also comes back clean ? :flowers:

#6 Macka007


  • Members
  • 2 posts
  • Gender:Male
  • Local time:10:55 AM

Posted 10 August 2009 - 04:29 AM


I am the developer of MSN Virus Remover, and I can assure you it is free of any viruses or trojans (though, some virus scanners do falsely flag it).

I wouldn't rely on PrevX alone, they seem to flag everything as malicious and when I alerted them to the false positive they changed it to safe, however with every new release they revert it back to malicious :thumbsup: , they claim that they can not fix the false positive indefinately.

If you really doubt our software submit it to VirusTotal.com and ThreatExpert.com. Some scanners will show up false positives, however ThreatEpert will show you there truly is nothing to worry about, as no system changes will be made.

You should have at the very least received an error message when you attempted to run MSN Virus Remover, so I am surprised you did not receive one. Normally the GUI would appear in <2 seconds, so it may be blocked by your AV scanner or there is some other underlying issue preventing it from starting.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users