MSA.exe Virus is Killin' Me...

Discussion in 'Malware Help (A Specialist Will Reply)' started by MadWriter, Sep 30, 2009.

  1. MadWriter

    MadWriter Private E-2

    I'm at my wit's end, folks. If any resident genius can help me out I'd be grateful, to say the least.

    I managed to pick up one nasty virus called MSA.exe. This little beauty seems to then install the smaller files a.exe, b.exe and c.exe. It renders all of my anti-virus and anti-spyware programs useless; I can't even create a log file to post here. I can still send and receive e-mail, and my browser (Firefox) works most of the time, although searching via Google is hijacked and certain sites won't load.

    For the record, I'm running Win XP. I wish I could offer greater information, but there's nothing more (that I'm aware of) I might add. Your thoughts and recommendations would be very much appreciated. I'd much prefer to resolve this increasingly exasperating situation without having to crash and re-install the system.

    Many thanks in advance for your wise counsel.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please try doing the below:

    Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double-click on it to run it.

    AVPFind.bat

    It should take a couple of minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that it will hopefully create, as long as the malware does not block the batch file from running.


    Now download and run exeHelper

    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


    Also please try running the below online scan:

    http://www.superantispyware.com/onlinescan.html

    Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.

    Then try running these instructions: Using MGtools


    Attach the below logs when finished with all of the above:

    • C:\avplog.txt - from AVPfind
    • log.txt - from exeHelper
    • C:\MGlogs.zip - from MGtools

    The C:\ assumes that drive C is your Windows boot drive. If you boot from another drive, then use the correct drive letter above.
     
  3. MadWriter

    MadWriter Private E-2

    Many thanks, Tim.

    AVPFind ran without difficulty, I'm happy to report. Here are the findings as per the log:


    Note: The source of the infection is definitely on the C:\ drive. However, as you can see, nothing beyond a whole lot of cookies was detected. The three trojans it found are false positives. (I got the same report with AVG; however, they were proven to be harmless.) I've had those files for close to a year, so obviously they are not at the root of the recently acquired problem. Otherwise, the cookies have been deleted and the computer rebooted.

    MGTools reacted the same way as all of my installed anti-virus and anti-spyware apps. Which is to say it loads, then disappears in less than two seconds. Couldn't run this one.

    I sincerely appreciate your assistance, Tim. I also look forward to any comments and recommendations you offer. Thank you.

    = Richard =
    MadWriter
     
    Last edited by a moderator: Oct 5, 2009
  4. MadWriter

    MadWriter Private E-2

    Hmmmmm ... I followed your directions and ran each of the applications you recommended. (With the exception of MGtools, which quickly loaded and disappeared). I was surprised to discover that SUPERAntispyware supplied a lengthy log.

    I gathered all of the info and posted it in this thread ... however, I don't see it. Tried to post it again and was told that it's a duplicate post. Please advise.

    Edit: the post is now up. Kindly ignore the message about it being a no-show. Impatience is NOT a virtue.
     
    Last edited: Oct 5, 2009
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now, download and save this XPsp3bu.exe to your C:\ root folder. You must do this properly. Now run the XPsp3bu.exe program by double-clicking on it. You may or may not notice a quick flash of a black window. This is normal. The program runs quickly and just extracts some files we need.

    Then download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after the reboot.

    Now see if you can run the C:\MGtools\GetLogs.bat file by double-clicking on it (Note: if using Vista, don't double-click; use right-click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip
     
  7. MadWriter

    MadWriter Private E-2

    Man, am I stupid or what? I'm going to assume the two logs I attached to the previous message can be viewed at your end. Don't see them here in the thread, but hopefully that's a non-issue.

    Also moved MGtools to another directory on the C drive, hit the analyze.exe file and was rewarded with a log, attached here along with the first two (just in case the last attempt failed). As previously stated, I'm about to run the other two programs now.
     

    Attached Files:

  8. MadWriter

    MadWriter Private E-2

    Here's the Avenger log:
     

    Attached Files:

  9. MadWriter

    MadWriter Private E-2

    Back in an hour. You didn't have any other plans tonight, did you? ;)
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    MGTools should not be in any directory....it should be here:
    C:\MGTools.exe

    And I need you to attach the C:\MGLogs.zip after running the above exe. Or tell me exactly what happens if it does not run.

    Once you have done this, I will get back to you as I work through my work queue.
     
  11. MadWriter

    MadWriter Private E-2

    MGlog.zip attached as requested.
     

    Attached Files:

  12. MadWriter

    MadWriter Private E-2

    The new and improved MGtools, run from the C drive with no directory involvement is attached.

    When it finished, this error message was on the screen, presumably in reference to zipping up hijackthis.log: This application failed to initialize properly (0x0000135). Click OK to terminate application.

    Out for a couple of hours, looking forward to anything you might have to report. Gracias, amigo.
     

    Attached Files:

  13. MadWriter

    MadWriter Private E-2

    To Tim and anyone else following this particular adventure: I'm delighted to report that I've made some progress today. Don't completely understand every aspect, but no matter ... it's results that count.

    Since I was unable to run any of my installed anti-virus and anti-spyware programs or use the System Restore tool, an e-mail from CNET made the difference. The message was that AVG 9 had just been released. Since AVG 8.5 wasn't working for me, I figured what the hell, let's download the new version and see what happens.

    I was pleasantly surprised that my infected system allowed me to install the new program (it had blocked every attempt to update or use those already installed). Even more exciting was the fact that AVG 9 made it all the way through from start to finish.

    It found 8 files in the System Volume Information directory and decreed them as problematic. Tried to remove them, but the program ignored my requests. The designated files remained stubbornly in place.

    So, I decided to uninstall and then reinstall the non-working program Malwarebytes' Anti-Malware. To my amazement, that's all it took. It too found the same 8 infected files that AVG did. I tried to remove them and this time was successful. Huzzah!

    I'm doing the same with all of my other anti-junk programs. However, in several cases, the install programs aren't completing the task. In those instances, I receive an error message telling me that the app has insufficient privileges to modify. (For instance, when it comes to Reimage Repair, I get that message about the Reimage.exe file. With Driver Scanner, it's the same deal with the program-starting file therein.)

    As well, there's one program (can't quite figure out which one) that continues attempting to open and run; within 10 seconds, it's shutting down. There is nothing visible the entire time ... I say this based on the audio system sounds I'm hearing.

    Not quite sure how to rectify that, but I now have my firewall back in action and the aforementioned anti-virus and anti-spyware programs. That makes me happy.

    My sincere and grateful thanks to Tim W. for the time and attention you put into this. Your guidance proved to be most valuable.

    I wish all who are in the "screwed up computer" boat nothing but success in defeating the garbage that plagues us all. If nothing else, the experts here know what they're doing indeed.

    = Richard Berger =
    (No Longer Mad) Writer
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Nothing is going to remove items in your system restore folders until you toggle system restore.

    I see you still have TeaTimer running.

    What programs are giving you the message about no privileges?

    According to your last MGLog.....you still need to completely clean out this folder:
    C:\Documents and Settings\Richard\Local Settings\Temp\
     
