
Infected with MSMSGS.exe virus


  • This topic is locked
2 replies to this topic

#1 chayienne

chayienne

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 25 September 2009 - 06:04 PM

Hi,

I would like to request assistance on how to remove the MSMSGS.exe virus. The virus came from one of my USB flash drives. Although the AVAST scanner was able to detect it, it wasn't able to delete or remove the virus completely. I would like to remove the virus from the USB flash drive and my computer.

Kindly review the log and attached files.

DDS (Ver_09-09-24.01) - NTFSx86
Run by Hudson Ong at 22:26:11.73 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3322.824 [GMT 8:00]

AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Hudson Ong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hudson Ong\My Documents\Cecile\Malware Removal Tools\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTor0.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\hudson ong\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [YeppStudioAgent] c:\program files\samsung\samsungmediastudio4.1\SamsungMediaStudioAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [<NO NAME>]
StartupFolder: c:\docume~1\hudson~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remote~1.lnk - c:\program files\kworld multimedia\pvr-tv 7131 utilities\P3XRCtl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hudson~1\applic~1\mozilla\firefox\profiles\b0dtdyn2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\hudson ong\application data\mozilla\firefox\profiles\b0dtdyn2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\hudson ong\application data\mozilla\firefox\profiles\b0dtdyn2.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\hudson ong\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-8-24 143360]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-23 114768]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-2-4 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-2-4 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-23 138680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-30 935208]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-23 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-23 352920]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2008-11-27 686080]
S2 713xTVCard;SAA7131 TV Card;c:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-25 66056]
S4 HamachiService;Hamachi Service;c:\program files\hamachi\hamachi.exe [2009-2-11 625952]

=============== Created Last 30 ================

2009-09-24 13:12 219,652 a------- c:\windows\system32\msxml71.dll
2009-09-24 13:06 <DIR> --d----- c:\program files\Office Password Recovery Magic
2009-09-23 12:49 <DIR> a-dshr-- C:\autorun.inf
2009-09-16 20:58 225 a------- c:\windows\ao97pr.ini
2009-09-16 20:57 1,390 a------- c:\windows\aoxppr.ini
2009-09-16 20:56 <DIR> --d----- c:\program files\aoxppr
2009-09-10 22:26 <DIR> --d----- c:\docume~1\hudson~1\applic~1\Passware
2009-09-10 22:26 <DIR> --d----- c:\program files\Passware
2009-09-10 11:13 1,658 a------- c:\windows\aopr.ini
2009-09-10 11:13 <DIR> --d----- c:\program files\Elcomsoft
2009-09-08 23:04 <DIR> --d----- c:\program files\www.freewordexcelpassword.com
2009-09-08 22:57 <DIR> --d----- c:\program files\Password Solutions
2009-09-08 22:57 <DIR> --d----- c:\docume~1\hudson~1\applic~1\Password Solutions
2009-08-27 20:18 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-08-27 20:18 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-08-27 20:18 217,127 a------- c:\windows\system32\drv43260.dll
2009-08-27 20:18 208,935 a------- c:\windows\system32\drv33260.dll
2009-08-27 20:18 176,165 a------- c:\windows\system32\drv23260.dll
2009-08-27 20:18 102,439 a------- c:\windows\system32\sipr3260.dll
2009-08-27 20:18 65,602 a------- c:\windows\system32\cook3260.dll

==================== Find3M ====================

2009-09-17 20:10 3,818 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-27 20:18 87,608 ac------ c:\docume~1\hudson~1\applic~1\inst.exe
2009-08-27 20:18 47,360 ac------ c:\docume~1\hudson~1\applic~1\pcouffin.sys
2009-08-27 20:18 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-08-05 17:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 03:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-04 01:09 915,456 a------- c:\windows\system32\wininet.dll
2008-12-12 12:05 245,760 ac------ c:\program files\Uninstall Ask Toolbar.dll
2008-12-22 22:50 88 ---shr-- c:\windows\system32\4F27BF8A6B.sys
2008-11-25 16:13 16,384 ac-sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-11-25 16:13 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-11-25 15:56 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112520081126\index.dat
2008-11-25 16:13 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 22:26:51.25 ===============

I ran RootRepeal and, instead of a scan complete message, I got a message that there is an error on my disk and I need to run chkdsk. But it generated a report, so I'm attaching it here in case there is some useful information you can use.

Thanks,
Chayienne

#2 chayienne

chayienne
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 26 September 2009 - 08:22 PM

Please disregard this post. A friend has offered to help me with this problem.

Thanks.

#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE

Posted 27 September 2009 - 04:24 AM

Thanks for letting us know, chayienne. :(
