
msess.exe


1 reply to this topic

#1 ZlobIsFun


Posted 17 December 2012 - 04:55 PM

Hi, I recently formatted my HDD, and my SSD.
I backed up my steam games on my 1TB external, and my movies/music/pictures/etc.
I didn't back up anything else besides games and media.
My OS was previously on my HDD. Now, I usually always look to see what's going on inside my computer, I'm always looking at my task manager and active connections, and sometimes I run netstat just out of curiosity.

One day, I saw msess.exe in my processes.
I googled it, and it appeared to be a virus. So I opened the file location, and deleted it. The first time I deleted it, there was an image file with it as well..

Now, every now and then I'd hear a " ding " as if I were trying to click a window that had a message box open... I went into my task manager each time, saw msess, went to the folder, and saw msess.exe and the image. I ended the process and deleted them both.
This happened over, and over, and over again. Even after I ran malwarebytes, esetscanner, and combofix.
Nothing worked!
So I just reformatted because I needed to install my OS on my SSD anyways.
Everything seemed just fine, everything was smooth, everything was fast!
Then suddenly..
DING!
msess.exe was in my processes once again..

Please help me! I don't know what it is, if it's a rootkit or what, but I scanned it with malwarebytes once and it was something like..
Heuristics.Shuriken.

Thanks again.



#2 boopme


Posted 17 December 2012 - 10:11 PM

Hello, it is a backdoor trojan that connects to a remote IP address using either TCP port 81 or a random port. It allows an attacker to access the computer.



The Bifrose trojan family is highly configurable. Thus, the locations of their installed files on an infected computer and the TCP ports they use to connect may vary. They allow an attacker to perform any of the following actions on the affected machine:


  • Manage running processes
  • Manipulate files or registry data
  • Obtain installed program details
  • Log keystrokes
  • Screen capturing
  • System shutdown or reboot
  • Command shell


and can also download these dangerous items.
  • Backdoor.Tidserv
  • Trojan.Vundo
  • W32.Waledac
  • W32.Virut


We should look at a few things as it may have survived in the Boot sector.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please run these now........
Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


>>>>
Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.

>>>>
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.




Reboot back to Normal mode as I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
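An added example (not part of the original posts, and not a BleepingComputer tool): a PowerShell function that pairs `netstat -ano` output with process names to show which process owns each outbound TCP connection, flagging the `msess.exe` image name and the remote port 81 mentioned in the reply above. The sample netstat lines, PIDs and addresses are constructed, and `Get-SuspectConnection` and its parameters are hypothetical names.

```powershell
# Constructed sample data (documentation-range addresses), not taken from the thread.
$SampleNetstat = @(
    '  Proto  Local Address          Foreign Address        State           PID'
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884'
    '  TCP    192.168.1.20:49211     203.0.113.45:81        ESTABLISHED     3120'
    '  TCP    192.168.1.20:49305     198.51.100.7:443       ESTABLISHED     2044'
    '  TCP    192.168.1.20:49318     203.0.113.45:5190      SYN_SENT        3120'
)
$SampleProcs = @{ 884 = 'svchost.exe'; 2044 = 'firefox.exe'; 3120 = 'msess.exe' }

function Get-SuspectConnection {
    param(
        [string[]]$NetstatLines = (netstat -ano -p tcp),  # live data when not supplied
        [hashtable]$ProcessNames,                         # PID -> image name
        [string[]]$WatchNames = @('msess.exe'),
        [int[]]$WatchRemotePorts = @(81)
    )
    if (-not $ProcessNames) {
        # Build the PID -> image name map from the running system.
        $ProcessNames = @{}
        Get-CimInstance Win32_Process |
            ForEach-Object { $ProcessNames[[int]$_.ProcessId] = $_.Name }
    }
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address:Port, State, PID
        if ($line -notmatch '^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$') { continue }
        $remoteAddr = $Matches[2]; $remotePort = [int]$Matches[3]
        $state = $Matches[4];      $procId = [int]$Matches[5]
        if ($state -eq 'LISTENING') { continue }   # only outbound sessions matter here
        $name = $ProcessNames[$procId]
        $reasons = @()
        # The port is configurable ("or a random port"), so the image name is checked too.
        if ($WatchNames -contains $name)            { $reasons += "image name $name" }
        if ($WatchRemotePorts -contains $remotePort) { $reasons += "remote port $remotePort" }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                ProcessId = $procId
                Image     = $name
                Remote    = "${remoteAddr}:$remotePort"
                State     = $state
                Why       = $reasons -join ', '
            }
        }
    }
}

Get-SuspectConnection -NetstatLines $SampleNetstat -ProcessNames $SampleProcs |
    Format-Table -AutoSize
```

Calling `Get-SuspectConnection` with no arguments reads the live `netstat` output and process list instead of the sample; run it from an elevated prompt so every PID resolves to a name.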