Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How To Remove Msinfmgr.exe


  • Please log in to reply
6 replies to this topic

#1 horseradish

horseradish

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 02 September 2006 - 08:54 PM

Hello everyone

I figured this was the best forum for me to post my question. I did search the other forums for any postings of my problem but could not find any.

I have msinfmgr.exe on my system now, and have tried my best to get rid of it but I can't. When I use Rising antivirus it will find the following problem: C:\windows\system32\msinfmgr.exe and then it "fixes" it but it keeps coming back. I have tried downloading other malware and antivirus software but my computer will not let me install them (possibly due to the msinfmgr.exe).

Is there any manual way that I can remove this trojan?

I am running win xp professional

Thank you,
Andrew

Edited by horseradish, 02 September 2006 - 08:56 PM.


BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:28 AM

Posted 02 September 2006 - 09:26 PM

This is what symantec has to say about removing the virus they label as W32.Naras.
http://www.sarc.com/avcenter/venc/data/w32.naras.html

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:28 AM

Posted 04 September 2006 - 07:39 AM

Hey there horseradish, welcome to Bleeping Computer.
Sorry for the delay in the reply.

I don't think I've ever heard of Rising antivirus. I looked it up and it seems to be legitimate but I have no idea how good it is at removing malware or how reputable the company is. Unless you paid for the program I would suggest that you possibly consider trying another antivirus, after uninstalling Rising. I always feel a bit apprehensive about asking users to uninstall programs that they may like, but take it as a suggestion not an order. I recommend two free antiviruses.

AVG and Avast are excellent, free antivirus programs..
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

This malware is obviously being quite stubborn. I have a couple of things you can try to remove the problem. Firstly you might like to try a scan with Rising in safe mode. Antivirus tools will have a better rate of success for removing files in safe mode. This can be done tapping the F8 key as soon as you start your computer. You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support. Run a full system scan and let Rising try and delete the file; it may be that as the file cannot auto run in safe mode it can be successfully deleted. Note that if you uninstalled Rising for another Antivirus, you can try scans with the new program in place of the above.

If that doesn't work you may have to try an alternative scanner; it is possible that Rising is simply not able to remove the malware. My first pointer would be to update the program, you could try that.

Please download, install, and update Ewido anti-spyware
Load Ewido and then click the Update tab at the top.
Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")
Then click on the Scanner tab at the top.
Click the "Settings" tab and then change the recommended action to Quarantine.
Click Automatically generate report after every scan.
Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side.

When the scan has finished, it will automatically set the recommended action.
Click the Apply all actions button.
Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As".
This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close Ewido and reboot!!

Let me know if the error Norton alert popups again.
Also post the ewido log here if you can.
David

#4 horseradish

horseradish
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 15 September 2006 - 08:12 AM

Hello again and thank you for your replies

I the problem with my computer has gotten to the point where I can't complete a scan with an aintivirus scanner. I have Avast and it can do the preboot scan, but problems still persist so I try the full scan after booting and the computer will shut down at the point every time. It will just shut down automatically. I have also tried doing the scans in safe mode with the same effect. I can't seem to download any new software (such as antivirus software) properly any more either. When I do download software and then go to install it I gt this message everytime that it can not find such and such a file so in the end it can not install the newly downloaded software.

I have heard of people who have removed there hard drive, put it into another working computer and then scanned it from that computer. Is this possible?

Thank you,
Andrew

#5 horseradish

horseradish
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 15 September 2006 - 08:13 AM

By the way I think Rising Antivirus is mostly used in China. I work in China and that's the one I see here all the time. I think generally it does fairly well.

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:28 AM

Posted 15 September 2006 - 10:44 AM

I think that you might have some problems that only a experienced HJT tech can help you with.
It is possible some malware is stopping you from downloading/installing a new anti-virus.

I have read your post and I think it would be wise for you to post a HijackThis log for an expert to review.
I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your HijackThis log in a new topic in the forum found here. Please add your system infomation and also what problems you are having.
Please be patient, and a HJT team member will help you to clean up your system.

#7 horseradish

horseradish
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 20 October 2006 - 02:32 AM

Hello and thank you for your help.

I am now using a new computer. A computer tech was able to make the old one work well enbough that I could get my files off and transfer them to a new computer.

Andrew




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users