msn problem (msmsgs.exe)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bakalarko, Nov 30, 2006.

  1. bakalarko

    bakalarko Private E-2

    Hi, I would like to thank you for your help in advance!
    I am new to using HJT, but I read all about using, removing, sending logs, etc.

    I am using the avast antivirus program and Ad-Aware. When I got this worm, avast! sent a nice message: "your computer is infected, no reason to panic, please select one of the following steps to proceed... Move to chest, delete, rename and move". I tried all of the above and it still says that the file I was trying to move, delete or rename is USED by ANOTHER program. I didn't know which one till I came to this site...

    I had more than 100 infected files when I scanned with Ad-Aware, which removed most of them, but 3 are left... so say avast and Ad-Aware. The thing is, I can't remove them, and avast stopped responding to them, only if I don't tell him where they are when scanning with Ad-Aware... which is funny because then (when scanning) Ad-Aware stops working and kind of freezes and the avast warning message pops up...

    I used HJT and discovered msmsgs.exe, which you will notice in my log! Also, I have to say that the program which didn't allow me to delete the virus was MSN Messenger, which I deleted... still the viruses/worms don't want to leave and I don't know what to do. I believe that I should fix the "msmsgs.exe", otherwise... I am lost.

    Please help me and tell me either to fix it, or just... you know... kill it (the computer), and can I use MSN ever again?

    I am planning on reinstalling it. Is it wise?

    I apologize for such a long and probably boring post, but all I need is an answer to my problem. Thanks to all who are willing to help me.

    Thanks!
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome


    HijackThis is only one part of the malware removal process. It cannot scan and find all malware on your PC, which is why, to assist you fully in removing whatever malware you have, we will need you to complete the guide steps below (the initial cleaning steps are crucial) and then attach all the logs requested.



    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. bakalarko

    bakalarko Private E-2

    Well, I read the terms and tried to scan, but during the downloading the avast! window pops up and says that a "worm" is trying to download to my computer but he stopped it, and to be safe I have to press abort connection... when I do that the scanning stops... What should I do? I mean, I can't let one more virus onto my computer. I know it says it's safe in READ & RUN ME FIRST... but I just don't know.

    Is it OK if I download AVG, Panda, and Bitdefender and install them, start the programs, do the check and send the log files? Is it possible?
     
  4. bakalarko

    bakalarko Private E-2

    Well... sorry for spamming so much here with posts, but I really want to get rid of that virus... or more...

    I had a positive scan with Spybot so far... I hope you'll answer my first post so I know whether I should proceed... I already downloaded all the programs (CounterSpy, Bitdefender and Panda - I stopped avast during the scans).
     
  5. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    If you were trying to scan with the Online Panda Scan and Avast popped up an alert about a virus, then it's a false positive.

    Do not download trials of Panda or Bitdefender to install on your PC, as they will conflict with Avast, which is why we recommend the Online versions of the scanners only (they do install ActiveX components, which are OK).

    Do remember to do the scans in the order laid out in the guide and good luck :)
     
  6. bakalarko

    bakalarko Private E-2

    I am currently scanning my computer with the Bitdefender online scanner and... it will take an additional 2 hours (or even more) for a complete scan.

    I'll post the logs ASAP!

    I am not sure about this Bitdefender because it says it deletes files if it can't disinfect them, which is cool, but... does it really work? And is it safe?

    thanks for help :)
     
  7. bakalarko

    bakalarko Private E-2

    here are 3/3 logs

    Spybot (i dont know if you need it or not)
    BitDefender
    AVG

    I was surprised when I saw all the scans... first of all, each and every one showed something different. There were some matches, but only 5-6, and most results were like AVG more than 380, Bitdefender 7, Ad-Aware 3, avast 3, Spybot about 15 (of a kind)
    ... so I'm kind of confused... I also had a tracking cookie named sexcounter ???? lol, I never go to porn sites... all I do is online games... and I use protection ^^

    Still... like I said, it all started with my MSN... all my contacts are blocked and I can't unblock them; it says that it could harm other clients...

    Notice: I got the Bitdefender log as an HTML file... so I copied it all into a .txt file and posted it! I hope it's OK.

    ...Also, I already posted the log from the HJT scan in my first post, just so you don't forget... ^^ It was from before the scanning and all... the trouble.

    ah
     


  8. bakalarko

    bakalarko Private E-2

    Panda scan results
    HJT
    and something I think is the ShowNew log
     


  9. bakalarko

    bakalarko Private E-2

    and runkeys ^^
     


  10. bakalarko

    bakalarko Private E-2

    I would like at least a post... I just want to know whether there is any chance for me to remove those viruses from my computer or not... because I don't know what I am dealing with...

    Please answer me as soon as possible... thank you in advance... (if the logs are wrong, or I did something wrong, please notify me)
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No!!!!! We don't want you to change them into text. It makes them too hard to read. Just follow the directions that are given in the procedures and you will get the proper log. The proper log is an HTML formatted file that has a .txt extension so that it can be uploaded here as an attachment. If you still have the HTML formatted file, just change it so that it has a .txt extension and attach it.

    HijackThis logs have to be obtained AFTER all the other steps are completed; otherwise what is in the log before running the other scans may not be in it afterwards.

    Why do your Spybot and AVG logs show that you are Ignoring everything? There is no sense in running the scans unless you are going to allow them to fix what they find. Run them again and let them fix what they find. And no, we don't need Spybot logs unless specifically requested.

    It also looks to me like you skipped or did not do step 2 of the READ & RUN ME properly. Please do it again.
    It also looks like you never ran CCleaner on all user accounts as requested, and that is why your logs are cluttered with all the information on cookies, which are not problems and which we did not want to see. That is why we asked for CCleaner to be run. In fact, you did not run CCleaner at all, since it is not even installed and since your Temp folders have lots of old files in them. Things will go faster if you would please follow directions. As the READ ME tells you right in the beginning, skipping steps only hurts you! It also makes it take longer to get your problems fixed.
     
    Last edited: Dec 4, 2006
  12. bakalarko

    bakalarko Private E-2

    OK, I'll start from the beginning... but I just want to say something first.
    That is, I ran Spybot and after scanning I pressed the fix button and then immunize, just like it says in the "introduction" in Spybot... It showed me that it immunized the system against some viruses (like carpe diem, openconnection, etc.)

    Secondly, I ran AVG, and after scanning, saved the log (twice). Then by default it said Ignore once; I switched to Delete, except for one program which I know about, and I put the Ignore once order on it... so I don't see why the logs are saying something different (I don't know why, because I know what I clicked...)

    Also, avast said it deleted some files which in THE end were not deleted... again I don't know why. I also tried to delete some manually and it said used by another program, which one I don't know (only MSN), and I closed the connection to the net when I was trying to delete it... I will run all the cleaners and online scans again ASAP...

    I am CONFUSED. I know that I am hurting myself if I don't do all the steps, but believe me, I did... Anyway... I would like you to tell me what to do, bec
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I am just telling you what is reported in the logs you attached. Look at them yourself. They show that you did not fix anything. Did you save the Spybot log before fixing the problems? If so, you should save the log after you fix the problems. And in AVG you had it Ignore everything rather than fix everything. Again, check the log yourself.

    Without seeing a detailed log showing what Avast is reporting and without seeing the names and locations of the files you are manually deleting, I cannot make any comments, since I have no idea what you are referring to.

    No you did not! Your log from ShowNew (which is the newfiles.txt log) indicated that CCleaner is not even installed. That means it was never run, and that is why I made those comments. Install CCleaner and run it now as instructed in the READ & RUN ME.

    Please attach the HTML formatted log from Bitdefender so I can read what it found more easily.

    Based on what you have given me thus far I don't see any major issues. I just see a few things reported by Panda that you can delete.

    Files in the Panda log to delete:
    C:\Documents and Settings\sven\Local Settings\Temp\ins12.exe
    C:\Documents and Settings\sven\Local Settings\Temp\kd1bkup.exe
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll

    And as far as Windows Messenger goes (this is the msmsgs.exe file you mentioned), you can just use the program below to remove Windows Messenger completely:

    Disable/Remove Windows Messenger
     
