Removing msa.exe


8 replies to this topic

#1 Gamekid

Gamekid

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 22 September 2009 - 09:39 AM

I have the process msa.exe and due to this being present, I'm unable to run any kind of scan. What happens is that whatever I run, terminates and I'm unable to start up again whatever it is that I was running before.



#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:37 PM

Posted 22 September 2009 - 12:02 PM

Are you able to download things?
Can you get into safe mode w/networking?
Can you open Task Manager and end the process?
-------------------------------


Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
  • Double-click on mysetup.exe to start the installation.
  • If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the report in your next reply.

Note: MBAM uses Inno Setup instead of the Windows Installer Service to install the program. If installation fails in normal mode, try installing in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.



The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.


alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Gamekid


Posted 22 September 2009 - 01:07 PM

Following your instructions, I ran into a few obstacles.

First things first, I'm able to download programs. I downloaded and installed malware bytes and updated it, but when I attempt to run a scan, the program prepares for a scan and then just quits like that. If I start it up again, I get an error message even though I'm logged into windows xp as an administrator.

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item

If I try to rename the mbam.exe file to myscan.exe, windows won't let me even though I'm logged into windows xp as an administrator and have the hide extensions for known file types turned off

I can download things
I can get into safe mode with networking
I can open task manager

The only thing that I did not do was to rename malware bytes to zztoy.exe.

There are some things that I haven't mentioned just yet.

msb.exe is present. I don't know if msb.exe is another name for msa.exe. I have an unpatched microsoft office xp with publisher 2002. No updates are installed. I can't seem to find any updates for office xp so I don't know if microsoft has already pulled support for it and I should upgrade to office 2207. My cpu usage is many times at 100%.

As a last resort, I can just reinstall windows although it takes me about half a day to do that.

Edited by Gamekid, 22 September 2009 - 07:01 PM.


#4 garmanma


Posted 22 September 2009 - 07:07 PM

We need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Direct Download (Recommended)
  • Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)

  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Right-click on rootrepeal.exe and rename it to tatertot.scr
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------
Please note: If Rootrepeal fails to run, try these steps:
Click Settings - Options. Set the Disk Access slider to High

Right-click on rootrepeal.exe and rename it tatertot.scr

Select to scan only Drivers
Mark

#5 Gamekid


Posted 24 September 2009 - 12:39 PM

After getting infected with spyware, I reinstalled windows xp yesterday. I downloaded the rootrepeal program, however when starting it, I get the following error message.

Could not read the boot sector. Try adjusting the disk access level in the options dialog

I clicked on ok several times. I then did a scan, however when scanning, the program just quit like that.

If I start up rootrepeal again, windows can't find the program.

I ran a virus scan and I have this in the virus vault.

virus name
virus identified packed.hidden

path to file
\\?\globalroot\systemroot\system32\gasfkuqomvrqcy.dll

Now I can't seem to do an on demand virus scan. I also have office xp with publisher 2002 that is not patched. My CPU usage is at 100% many times. My pc is about six years old.

Edited by Gamekid, 24 September 2009 - 01:52 PM.


#6 garmanma


Posted 24 September 2009 - 07:00 PM

\\?\globalroot\systemroot\system32\gasfkuqomvrqcy.dll
You have a severe rootkit infection. This will take some time
I have to get a log produced so you can post in HJT


Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark

#7 Gamekid


Posted 24 September 2009 - 08:43 PM

Something actually works for once. LOL Here is my reply

Volume in drive C has no label.
Volume Serial Number is F450-07B6

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 12:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 12:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 12:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819

08/04/2004 12:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819

08/04/2004 12:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819

08/04/2004 12:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:11 PM 61,952 eventlog.dll
3 File(s) 650,240 bytes

Total Files Listed:
15 File(s) 3,225,600 bytes
0 Dir(s) 19,180,359,680 bytes free
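
Added example (not part of the original posts, and not the helper's own method): one way to triage a DIR /a/s listing like the one above is to parse it and flag any system32 file whose size differs from a copy carrying the same date stamp elsewhere on disk. The function names and the same-timestamp heuristic are assumptions made for this illustration; a mismatch is a reason to hash or signature-check the file, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the DIR /a/s listing posted above (values copied from the post).
SAMPLE = r"""
 Directory of C:\WINDOWS\$NtServicePackUninstall$
08/04/2004 12:56 AM 55,808 eventlog.dll
 Directory of C:\WINDOWS\ServicePackFiles\i386
04/13/2008 05:12 PM 181,248 scecli.dll
 Directory of C:\WINDOWS\ServicePackFiles\i386
04/13/2008 05:11 PM 56,320 eventlog.dll
 Directory of C:\WINDOWS\system32
04/13/2008 05:12 PM 181,248 scecli.dll
 Directory of C:\WINDOWS\system32
04/13/2008 05:11 PM 61,952 eventlog.dll
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$", re.I)
FILE_RE = re.compile(r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+([\d,]+)\s+(\S.*?)\s*$")

def parse_dir_listing(text):
    """Return (directory, name, timestamp, size) records from DIR /s output."""
    records, current = [], None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            current = m.group(1)
        elif (m := FILE_RE.match(line)) and current:
            date, time, size, name = m.groups()
            records.append((current, name.lower(), f"{date} {time}", int(size.replace(",", ""))))
    return records

def size_mismatches(records, live_dir=r"C:\WINDOWS\system32"):
    """Flag live files whose size differs from same-timestamp copies elsewhere."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec[1]].append(rec)
    findings = []
    for name, recs in by_name.items():
        live = [r for r in recs if r[0].lower() == live_dir.lower()]
        for _, _, stamp, size in live:
            # Reference sizes: copies outside live_dir with an identical date stamp.
            ref = {r[3] for r in recs if r[0].lower() != live_dir.lower() and r[2] == stamp}
            if ref and size not in ref:
                findings.append((name, stamp, size, sorted(ref)))
    return findings

if __name__ == "__main__":
    for name, stamp, size, ref in size_mismatches(parse_dir_listing(SAMPLE)):
        print(f"{name}: system32 copy is {size} bytes, same-dated copies are {ref} ({stamp})")
```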

#8 garmanma


Posted 25 September 2009 - 06:43 PM

Now that you were successful in creating a log you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully
The HJT team is extremely busy, so be patient and good luck
Mark

#9 Gamekid


Posted 25 September 2009 - 06:49 PM

I found out the reason why my pc got so messed up. I had an unpatched microsoft office xp with publisher 2002. Sounds crazy, but every microsoft program out there has security risks that have to be patched. I reinstalled windows xp this morning, but I didn't install my old office because I don't have a way to patch it so this is where I leave you. If you have something that isn't patched such as windows vista or office, get it patched asap. If you can't patch it, uninstall it. I'm getting the newer office 2007.



