msmsgs.exe taking up 99% of CPU

Discussion in 'Malware Help (A Specialist Will Reply)' started by DTS, Apr 14, 2006.

  1. DTS

    DTS Private E-2

    Hey guys, I'm having a problem where if I leave my computer for a couple hours then come back "msmsgs.exe" will be taking up 99% of my CPU and everything runs very slow. I actually have to restart my machine in order to get everything running correctly.

    I've actually closed msmsgs.exe out in task manager only to have it come back a few seconds later.

    Do you guys know what could be the cause of this file hogging my CPU, and how can I get rid of this problem?

    Thank you
     
  2. DTS

    DTS Private E-2

    By the way, I know this file is Windows Messenger and I've actually disabled it from starting at startup and I've actually tried removing it by editing its .ini file (to remove the "hide" line) so that I could see it in the add/remove programs list.

    Alas, none of those remedies have actually totally removed this program.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well actually it could be any one of the below three items depending on where it is running from:
    1. Windows Messenger
    2. MSN Messenger
    3. Malware (often found in C:\Windows\System32 or C:\Windows or a subfolder of C:\Documents and Settings)
    Please run the below tool, which runs very quickly, and attach the runkeys.txt log.

    Using GetRunKey
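
The location check described in post 3, as an added example that is not part of the thread and is not the GetRunKey tool: on a current Windows system with PowerShell 3.0 or later, it lists each running msmsgs.exe and each Run-key entry that references it, labelled by folder. The two "expected" folders are assumed default install paths; the suspect locations are the ones named in the reply.

```powershell
# Added example. File name and suspect locations come from the reply above;
# the "expected" folders are assumed default install paths, adjust as needed.
$name     = 'msmsgs.exe'
$expected = "$env:ProgramFiles\Messenger", "$env:ProgramFiles\MSN Messenger"
$exact    = "$env:SystemRoot\System32", "$env:SystemRoot"   # binary directly in these
$under    = "$env:SystemDrive\Documents and Settings"       # binary anywhere below this

function Get-LocationVerdict([string]$Path) {
    if (-not $Path) { return 'path unavailable (try an elevated session)' }
    $dir = [System.IO.Path]::GetDirectoryName($Path).TrimEnd('\')
    # -contains compares strings case-insensitively, as Windows paths require.
    if ($expected -contains $dir) { return 'expected install folder' }
    if ($exact -contains $dir -or
        $dir.StartsWith("$under\", [StringComparison]::OrdinalIgnoreCase)) {
        return 'location the reply associates with malware'
    }
    return 'unrecognised location, review manually'
}

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Run values are command lines: strip an opening quote and any trailing arguments.
$pattern = '^\s*"?(.*?' + [regex]::Escape($name) + ')'

$findings = @(
    # 1. Running instances and the image path each one was started from.
    Get-CimInstance Win32_Process -Filter "Name = '$name'" | ForEach-Object {
        [pscustomobject]@{
            Source  = "PID $($_.ProcessId)"
            Path    = $_.ExecutablePath
            Verdict = Get-LocationVerdict $_.ExecutablePath
        }
    }
    # 2. Startup entries in the machine and user Run keys that launch it.
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ("$($p.Value)" -match $pattern) {
                [pscustomobject]@{
                    Source  = "$key [$($p.Name)]"
                    Path    = $Matches[1]
                    Verdict = Get-LocationVerdict $Matches[1]
                }
            }
        }
    }
)
$findings | Format-Table -AutoSize -Wrap
```

An empty table means no running instance and no Run-key entry was found. That does not rule out other launch points such as services or scheduled tasks.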
     
  4. DTS

    DTS Private E-2

    Hey Chaslang, for some reason I can't get that download. It says something about how I'm either not logged in or I don't have permission to access the page.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then you must not be logged in! Are you using Firefox? If so, try using Internet Explorer instead.
     
  6. DTS

    DTS Private E-2

    Alright, the runkey log should be attached.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I see no signs of msmsgs.exe loading at startup. If you are still having problems and suspect malware, you will have to follow the below steps so we can get to the heart of your problem.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  8. DTS

    DTS Private E-2

    Ok, here are the logs.

    I followed the tutorials and scanned my PC with every suggested program. The BitDefender did find a trojan downloader and got rid of it but I accidentally closed out the window before saving that log (I'm a severe newb, I know, sorry). Then I scanned again with BitDefender and it didn't find any viruses so I'm uploading that "clean" log, since it's all I've got at the moment.

    Other than that I got rid of msmsgs.exe by going into Norton Antivirus options and disabling protection of MSN messenger. After I did that msmsgs.exe no longer showed up in the Task Manager and for the most part it's no longer on my system, which is great because I hate msn messenger anyways. ;)

    And now I have another problem; I've got Internet Explorer spyware that doesn't want to go away. Both Panda and Adaware keep finding spyware after each time I use Internet Explorer. This problem has been going on for a little while actually. I normally use Opera but whenever I have to use IE to access IE-only websites (i.e. to use Panda and BitDefender) I get these cookies from websites called "Tribalfusion.com" and "live365.com". Panda even found one that I wasn't aware of called "ISTbar". You should see evidence of this spyware in the Activescan log.
     
  9. DTS

    DTS Private E-2

    Edit: The scan logs
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cookies are not problems to be concerned with. You will get cookies anytime you surf. If they bother you, they are easily removed from your browser. You do not need special tools to remove cookies but you can use CCleaner and similar to do this too. Just be aware that many cookies serve useful purposes and you could be removing things you want. Your HJT log is clean.

    As far as ISTbar being detected by Panda, since it gives no registry location, we cannot do anything to try to fix it. We don't even know if the detection is valid. In most cases when Panda reports something like this, they are just benign leftovers that you don't need to be concerned with. However, you can try the below registry patch to see if we can get lucky and remove it. All of the below keys are things ISTbar may add to the registry.

    Copy the bold text below to Notepad. Save it as fixIST.reg to your desktop (yes, overwrite the previous one). Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

     
  11. DTS

    DTS Private E-2

    I used the registry patch you posted above and it seems to have fixed the ISTbar problem because Panda no longer detects ISTbar. Panda still keeps finding that Tribalfusion "spyware" though (I believe it's just that annoying cookie), but apparently it's a low threat and I suppose I can temporarily get rid of it by deleting it and by not using Internet Explorer.

    Other than that Tribalfusion nonsense, all of my problems seem to be fixed.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I discussed this in my last message. You are getting the Tribalfusion cookie from Majorgeeks! They are not issues to be concerned with.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
