MSSSerfin120.fon in my user folder?

Discussion in 'Malware Help (A Specialist Will Reply)' started by kraken, Mar 5, 2013.

  1. kraken

    kraken Private E-2

    Hi
    I'm new here. I just had an encounter with my email being hijacked sending spam. I use McAfee and Avast antivirus programs and did a scan of my entire system with both programs. Both said there were 0 infected files but I didn't believe it. I looked at the log and noticed dozens of files that the programs could not access because they were PW protected and noticed most were in my user's Temp folder. I looked in my user account and saw this file MSSSERFIN120.fon and got suspicious. I did an internet search and this comes up as a trojan that is very difficult to remove according to the search. I looked at the properties of the file and it says it's manufactured by the Microsoft Corp. and my computer recognizes it as legitimate. I also understand that trojans usually are disguised as legitimate programs and having this file in my user account still raises a red flag.
    I am reading and ready to begin the steps in your Malware Removal Guide but I just want to be sure I'm doing the right thing and not overreacting to something that is supposed to be there which I just haven't noticed before. Can someone tell me one way or the other if I should continue or if this is a necessary/legitimate program?

    Thank You!
     
    kraken, Mar 5, 2013
    #1
  2. kraken

    kraken Private E-2

    I ran the "Read and Run me first" series and followed all directions. I've attached all of the log reports here. I still see the MSSSERIF120.fon file in my "User" account but when I right click it it now has an "install" option in the menu. I did not try to delete anything from the scans or otherwise and have everything saved in a common folder on my desktop. What should I do now? Next step?

    My computer isn't running slow, but I am concerned about personal information/security since this is on my work computer and I do business online as well from here.

    Thank you! I really appreciate your help and the service you provide!
     

    Attached Files:

    kraken, Mar 6, 2013
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Other than what was already fixed, your log are bascially clean. However you can rerun Hitman and if it still shows the below items, you can have it fix/delete this junk
    Code:
    Malware remnants ____________________________________________________________
   C:\Users\michelle\AppData\LocalLow\ShoppingReport2\ (Adware.Hotbar)
   C:\Users\michelle\AppData\LocalLow\ShoppingReport2\cs\ (Adware.Hotbar)
   C:\Users\michelle\AppData\LocalLow\ShoppingReport2\cs\Config.xml (Adware.Hotbar)
   HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}\ (Adware.Hotbar)
Potential Unwanted Programs _________________________________________________
   HKLM\SOFTWARE\Classes\s\ (Softonic)
    It is just a font file from something you have installed at some time. Font files are not really supposed to be in you base C:\Users\michelle folder so if you see it there you should just delete it.


    Also delete the below file:
    C:\Windows\Tasks\PC Optimizer Pro startups.job
     
    chaslang, Mar 8, 2013
    #3
  4. kraken

    kraken Private E-2

    THANK YOU SO MUCH! This forum is such a godsend! Take care
     
    kraken, Mar 8, 2013
    #4
  5. kraken

    kraken Private E-2

    I just tried to delete the font file (again) and I keep getting the same message of "The action cannot be completed because the file is open in another program. Close the file and try again." It keeps giving me this message even after I close everything. Should I be concerned?
     
    kraken, Mar 8, 2013
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not really. As I stated before
    If you don't know what application is using it, you will hav a hard time figuring out what to shutdown and you could impact the application.

    You could try booting in safe mode and then try deleting it. Many things do not load/run in safe mode so it may work. The if you don't run into any problems running any of your programs, you can just not worry about it. If it comes back, something you run may need it.
     
    chaslang, Mar 9, 2013
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds