MSNGMS.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by RX7, Apr 14, 2005.

  1. RX7

    RX7 Private E-2

    Hey guys, I have got this file on my computer which is similar to a lot of the other MSN viruses, but as yet I have not been able to find a fix for it. What it does is create conversation windows in MSN saying things like "hey its you" and then offers a link to what appears to be some sort of profile. You click on it and you're infected. This is what stupid me did, as it came from one of my mates who I would normally trust.

    Does anyone know where to download a fix from?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just delete the file, search for it and delete it!


    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. RX7

    RX7 Private E-2

    Ok, I'm not at my computer right now but I know where it is located and it won't let me delete it, it is in C:windows/system32/msngms.exe

    How do you go about deleting a system32 file?
     
  4. RX7

    RX7 Private E-2

    Or was it msnmsg.exe, anyway, any thoughts?

    I guess all I'm asking is how do I delete it, it is a system32 file
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    These baddies usually come with other problems, go ahead and start the READ ME and then post a HJT log.
     
  6. RX7

    RX7 Private E-2

    Yeah, thanks mate, I'm not at my CPU at the moment, I'm at work, but I will download that for sure tomorrow and I'll post up the results ;)
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! Will be awaiting your results.
     
  8. RX7

    RX7 Private E-2

    Hey guys, this is what I returned on my log
     

    Attached Files:

  9. RX7

    RX7 Private E-2

    Bump, because I still have no idea
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

    Now scan with HijackThis and Check the Boxes for the following:

    O4 - HKLM\..\Run: [Msn Configuration Loader] msngms.exe
    O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
    O4 - HKCU\..\Run: [Msn Configuration Loader] msngms.exe
    O4 - Global Startup: zonealarm.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC87A6A1-992A-4A8F-98BB-F60F69DC80E1}: NameServer = 203.0.178.191
    (If you know this entry leave it, if not have HJT fix it)

    Make sure All Browser Windows are Closed when you Click FIX.

    Locate PocketKillbox

    Now, Copy and Paste C:\WINDOWS\System32\msngms.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.


    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows

    After doing the above, please run these online scans!

    TrendMicro Online Scan
    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan


    After doing these online scans, reboot and proceed to the next step.
    Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
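
The HijackThis entries picked out in the post above can be triaged mechanically. This is an added example, not part of the original thread: `triage`, `executable` and the `known_dns` allow-list are hypothetical names, the bare-filename rule is a heuristic assumed here, and the sample log is constructed from the lines quoted in the post plus one made-up benign entry.

```python
import re
from collections import defaultdict

# Constructed sample: the entries quoted in the post above, plus one
# made-up benign autorun ("ExampleTray") for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC87A6A1-992A-4A8F-98BB-F60F69DC80E1}: NameServer = 203.0.178.191
"""

O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (.+)$")

def executable(cmd):
    """Return the program part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]

def triage(log_text, known_dns=()):
    """Flag entries of the kinds the post asks the user to check."""
    findings, keys_by_entry = [], defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            key, name, exe = m.group(1), m.group(2), executable(m.group(3))
            keys_by_entry[(name, exe)].append(key)
            # Heuristic (assumption): no drive or directory means Windows
            # resolves the name through its search path.
            if "\\" not in exe and ":" not in exe:
                findings.append(("bare-autorun", key, exe))
        elif m := O17_RE.match(line):
            # "If you know this entry leave it": only report unknown resolvers.
            for ip in re.split(r"[,\s]+", m.group(1).strip()):
                if ip not in known_dns:
                    findings.append(("unverified-dns", ip))
    # The same value registered under several autorun keys at once.
    for (name, exe), keys in keys_by_entry.items():
        if len(keys) > 1:
            findings.append(("multi-key-autorun", name, tuple(keys)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Passing the resolvers you recognise as `known_dns` suppresses the O17 finding, which mirrors the "leave it if you know it" instruction in the post.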
     
  11. RX7

    RX7 Private E-2

    Ok mate, all of that is done

    This is what I returned
     

    Attached Files:

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HJT have it fix these entries below:

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    After fixing these entries, navigate to and delete this file:

    C:\WINDOWS\web\related.htm

    After doing all of the above, go to Windows Updates and download Service Pack 2.
     
  13. RX7

    RX7 Private E-2

    Thanks for that mate, I will do that tonight.

    Also I have tried to download and install Service Pack 2 before but it won't let me install it for some reason. Says something along the lines of invalid product key
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If this is the case, you will need to get a legitimate product key in order to install Service Pack 2. Without this major update you will continue to have problems.
     
  15. RX7

    RX7 Private E-2

    OK mate, I've done that, did you want another HijackThis file to be sure all is well?

    If so, do you want it in safe mode or normal?
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yeah, go ahead and give me one last HJT log to confirm you're clean.

    Were you able to download and install SP2?
     
  17. RX7

    RX7 Private E-2

    I'm at work now but I'll do another log when I get home. Do you want me to do the log in safe mode or normal?

    Nah, I didn't manage the SP2 update but I will get a valid product key and update as soon as I can find one

    Thanks again
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! HJT logs should be from normal mode.
     
  19. RX7

    RX7 Private E-2

    Okay, I ran it from normal mode and returned this log:

    By the way, all the other logs were run in safe mode - sorry
     

    Attached Files:

  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean!

    Also, the quicker you get SP2 installed the better, because without this critical update you will continue to have these problems.

    You should see this article on How to Protect yourself from malware!
     
  21. RX7

    RX7 Private E-2

    OK thanks mate, I'll get onto that ASAP, thank you very much

    Regards

    Chris
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome!
     
