Msocache - virus?

Discussion in 'Software' started by kerryh_r, Apr 10, 2010.

  1. kerryh_r

    kerryh_r Private E-2

    Hi all

    I've checked threads for something similar, but can't find anything. This is a combination of informational, plus a couple of questions regarding something I fixed the other day.
    I won't post a log yet, because I believe it has gone, however may add one later if someone recognises this, and suggests a specific tool to try.


    A buddy asked me to come round and take a look at their PC the other day, as they were not connecting to the internet. When I arrived, I found some of the usual symptoms. Slow start up, can't access task manager, but right key access was still good.
    It was also coming up with some messages telling me to update the virus software, but AVG was on it and working, as far as I could tell.

    First I ran CCleaner and noticed a dubious exe (sorry guys, I did not note down the name), amongst a couple of other unnecessary startup items, which I removed. Rebooted, and it was still slow.
    Started in safe mode as administrator, ran CCleaner and the dubious one was there again, so removed it again. I also tracked down the folder it was in and deleted that.
    When I rebooted, my friend's PC automatically starts an explorer browser, but we were told there were connection problems however, Firefox was ok.
    I updated AVG and ran a complete virus check. Whilst it was running, I noticed it spent ages on a hidden folder called C:/Msocache. I read some stuff on that, and then chose to delete it manually. When I attempted to delete the whole contents, I was prompted that one was in use, and the rest were deleted. However when I clicked OK, a load of new files had been created. Something I experienced on a virus 5 years back. Via a combination of explorer, and DOS commands, I removed the complete folder.
    I let AVG's scan run to completion, and it didn't find anything.
    I checked the IE settings and found it set to a proxy server, so turned that off then all appeared ok.

    The questions are, has anyone had a similar experience and, if so:-

    1. what was the virus called?
    2. did you use a specific tool to remove it?

    Sadly the problem was caused because people always want to try other virus software. As well as buying some, which is now going spare, I think they'd probably gone to some website and downloaded some "virus" software, which was itself a virus.


    I cannot tell my buddies enough, ONE anti virus program is enough. Don't try and install another unless you really know what you are doing, and ensure you disable the other completely. First rule of computing, if it ain't broke, don't fix it!
    Run CCleaner at least once a month. More with heavy use. This has got to be one of the best pieces of software around at the moment, and as soon as this damned recession is over for me, I shall be sending them a contribution.
    And defrag your system drive regularly. The heavier your use, the more you should run it. Leave it going overnight if necessary.
     
  2. kerryh_r

    kerryh_r Private E-2

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    C:/Msocache is the Microsoft Office cache.

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
    Last edited: Apr 10, 2010
  4. kerryh_r

    kerryh_r Private E-2

    Thanks Tim, but I don't think you read my note completely.
    You send me a welcome message, when I have been a member of this forum 2 1/2 years.

    As I said, my post was mostly informational. I have pretty much got rid of the problem, with a combination of my experience, a defunct forum I used before, and of course what I have picked up from MajorGeeks. I think the content showed I was starting in safe mode, running CCleaner from your readme etc thread, and I am not asking you to analyse a log.

    But there were two specific questions for members, not necessarily an MG expert.
    One question I was able to find myself, and posted, but one is outstanding.
    Is there a specific tool for this virus, which appears to be the W32/Autorun.worm.aw virus?
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I don't know about a specific tool, as that name could mean anything. However, I do often suggest using this:
    AutoEater.

    I will move this thread to software so that you can get more opinions from other members. :)


    ( BTW, the welcome message is part of our boilerplate response, so I must have been too lazy to remove the welcome part....LOL ).
     
  6. kerryh_r

    kerryh_r Private E-2

    Thanks Tim. I must confess, I fix so many machines, I don't always go through the complete readme first, checking for changes and additions. What I've picked up here, and other places over the years, is normally enough. Although I do generally check every month or so, and update your recommended tools on my memory stick.

    Glad to say what I had done last week was sufficient. They gave me a scare saying they had IE problems again, but when I checked today, it was just their ADSL is so slow, insufficient RAM, combined with excessive use of Farmville on Facebook!

    I shall give Autoeater a try.

    I also tried out the current version of http://www.cpuid.com/pcwizard.php which was pretty useful for identifying their Motherboard, from which I could work out how much more RAM their machine would take.
    Comes highly rated by my local magazine http://www.pctipp.ch/ for any German speaking members, and http://download.cnet.com/PC-Wizard-2010/3000-2094_4-10793737.html, and of course here.
     
  7. kerryh_r

    kerryh_r Private E-2

    BTW, I got the name from the McAfee link I posted, although the autorun.inf was not present in my case.
     
  8. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    This has been around since 2007, surely something should have removed it!

    Since every vendor uses a different naming scheme, this is also known as W32Darwin, a worm.
    Source: http://www.bleepingcomputer.com/startups/KB915865.exe-21048.html

    Most of the threats today are not viruses but worms and trojans.
    Does your buddy run Malwarebytes?
    I'd say add that to the security on the computer.

    From prevx
    http://www.prevx.com/filenames/2989274787835212350-X1/KB915865.EXE.html

    Scroll to the bottom of this page
    http://www.threatexpert.com/files/kb915865.exe.html
    Symantec calls it Bloodhound
    Kaspersky calls it Worm.Win32.AutoRun.ig
     
  9. kerryh_r

    kerryh_r Private E-2

    I already said, something did remove it, me! I was asking about a specific tool, but I got rid of it manually.

    Malwarebytes? We have Windows Firewall, Defender, and AVG installed. I'm pretty certain AVG warned him, but he ignored it, hence my comments at the end of the first post.
     
  10. sikvik

    sikvik Corporal Karma

    MG hosts plenty of apps that do the same! Not sure as to why you are linking on MG. :)


    Then there's the problem PBKAC.

    As Tim mentioned - prolly not a specific tool to cleanse it. But kudos to your manual work :)

    Could have also run any of the AV online scanners which disinfect as well.
     
  11. kerryh_r

    kerryh_r Private E-2

    err, because it was a recommendation, supported by a local site I have a lot of faith in.
    Just because of my status, doesn't mean I don't know what I'm talking about.
    I see a lot of forums like this, where members' status is based on quantity, rather than quality. And I have seen some pretty inane responses, from so-called Major Geeks. Present company excepted, ;) probably!
     
    Last edited: Apr 13, 2010
  12. sikvik

    sikvik Corporal Karma

    My apologies. Intention was not to offend. Just that from a very specific malware question you linked to hardware detection and benchmarking utilities.
    Honestly I'm here to learn like most of us. My post count and designation have no bearing/reflection on my ability. Cheers and peace out...
     
  13. kerryh_r

    kerryh_r Private E-2

    No offence taken, but it doesn't take too long to read the thread before, and it was fairly obvious it was a recommendation. How else does stuff get chosen to be on here? If there is a route, perhaps you could explain.

    But both malware and hardware have impacts on speed. It is generally slowness, particularly at start up, that is one of the first signs of a virus. Having also discovered their RAM was low, I ran the utility to identify what the board was, and subsequently how much it would take. It didn't appear that the PC Wizard tool I used is on here, and it was highly rated by the two sites I mentioned, so I plugged it for the benefit of all members.
     
  14. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

