got this trojan in a file called mscmsr.dll - don't know where it came from...

Subject Author Date
got this trojan in a file called mscmsr.dll - don't know where it came from... David De 03-06-2008
Posted by David H. Lipman on March 8, 2008, 1:52 pm

| Here is the log file :
|
| C:\Documents and Settings\David\Local Settings\Temporary Internet Files
| \Content.IE5\SA7E9WEY\appD[1].cab
| [0] Archive type: CAB (Microsoft)
| --> inapp5.exe
| [DETECTION] Is the Trojan horse TR/Agent.AHDK.1
| C:\Documents and Settings\David\Local Settings\Temporary Internet Files
| \Content.IE5\XPSAKWO4\appB[1].cab
| [0] Archive type: CAB (Microsoft)
| --> inapp4.exe
| [DETECTION] Is the Trojan horse TR/Drop.Agent.Exo.2
| [INFO] The file was deleted!
| C:\WINDOWS\system32\mscmsr.dll
| [DETECTION] Is the Trojan horse TR/Dldr.Agent.kdt
| [INFO] The file was deleted!
| Begin scan in 'H:\' <Summers>
| H:\backup of all C\Program Files\movie magic screenwriter\netpub.exe
| [DETECTION] Contains a detection pattern of the (dangerous)
| backdoor program BDS/Hupigon.Gen Backdoor server programs
| [INFO] The file was deleted!
|

Have Dave:

Besides the Trojans, you have BDS/Hupigon.Gen (assuming it isn't a False
Positive).

Not Good :-(


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Create a HJT log file and post it in one of the below locations...
Include the Avira log you provided.

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by David De on March 8, 2008, 2:49 pm

> Have Dave:
>
> Besides the Trojans, you have BDS/Hupigon.Gen (assuming it isn't a False
> Positive).
>
> Not Good :-(
>
> Download and execute HiJack This! (HJT)
> http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe


Tried to download, but when running, I get this error "The NTVDM CPU
has encountered an Illegal Instruction. CS0dd5 IP:0255 OP:65 63 75 72
65 Choose Close to terminate the application." I will have to try in
SAFE mode to see what happens.

>
> Create a HJT log file and post it in one of the below locations...
> Include the Avira log you provided.
>
> { Please - Do NOT post the HJT Log here ! }
>
> Forums where you can get expert advice for HiJack This! (HJT) logs.
>
> NOTE: Registration is REQUIRED in any of the below before posting a log
>
> Suggested primary:
> http://www.thespykiller.co.uk/index.php?board=3.0

For this board, where do I post the hijack log?


>
> Suggested secondary:
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
>
> Suggested tertiary:
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.atribune.org/forums/index.php?showforum=9
> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://forum.networktechs.com/forumdisplay.php?f=130
> http://forums.maddoktor2.com/index.php?showforum=17
> http://www.spywarewarrior.com/viewforum.php?f=5
> http://forums.spywareinfo.com/index.php?showforum=18
> http://forums.techguy.org/f54-s.html
> http://forums.tomcoyote.org/index.php?showforum=27
> http://forums.subratam.org/index.php?showforum=7
> http://www.5starsupport.com/ipboard/index.php?showforum=18
> http://www.malwarebytes.org/forums/index.php?showforum=7
> http://makephpbb.com/phpbb/viewforum.php?f=2
> http://forums.techguy.org/54-security/
> http://forums.security-central.us/forumdisplay.php?f=13
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Posted by Malke on March 8, 2008, 3:53 pm
David De wrote:

> For this board, where do I post the hijack log?

You don't. David was very clear and I'll repeat it: do not post HijackThis
logs to the Microsoft public newsgroups. It takes a great deal of time and
expertise to analyze HJT logs and there are privacy issues. Instead, choose
one of the specialty forums listed below, register, read their posting FAQ,
and post your HJT log there. Not here.

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another
tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Posted by pcbutts1 on March 8, 2008, 4:51 pm
Privacy issues? Not true.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell




> David De wrote:
>
>> For this board, where do I post the hijack log?
>
> You don't. David was very clear and I'll repeat it: do not post HijackThis
> logs to the Microsoft public newsgroups. It takes a great deal of time and
> expertise to analyze HJT logs and there are privacy issues. Instead, choose
> one of the specialty forums listed below, register, read their posting FAQ,
> and post your HJT log there. Not here.
>
> http://aumha.org/downloads/hijackthis.zip
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
> http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another
> tutorial
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
> the stickies *first*.
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://spywarewarrior.com/viewforum.php?f=5
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!


Posted by David De on March 8, 2008, 6:33 pm

> > David De wrote:
>
> >> For this board, where do I post the hijack log?

I meant the spykiller group, not this one - I should have been
clearer.

After posting there, I have done the combofix and updated the log file
for HJT on there - just waiting for a response
http://thespykiller.co.uk/index.php?topic=6134.0
I am not sure if the combofix gets rid of the virus or not, or is it
just a diagnostic tool?


>
> > You don't. David was very clear and I'll repeat it: do not post HijackThis
> > logs to the Microsoft public newsgroups. It takes a great deal of time and
> > expertise to analyze HJT logs and there are privacy issues. Instead, choose
> > one of the specialty forums listed below, register, read their posting FAQ,
> > and post your HJT log there. Not here.
>
