possible unknown virus/trojan/malware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by thebatpeople, Mar 18, 2008.

  1. thebatpeople

    thebatpeople Private E-2

    I put together a computer from spare parts. The hard drive already had Win XP SP1 on it. I dumped everything but the operating system. I loaded some programs I had from another computer on to it. Perhaps a couple of days after I left it up & running, I got a series of pop-ups. I took screenshots, zipped & attached them. Every scanner I have run on the system does not detect any virus/malware. I am about ready to format the drive to get rid of it but I was hoping to save the OS since I don't have an XP system disc. Plus it might be lodged in the MBR and I can't remember how to clear that. Anyway, some help would be greatly appreciated.

    Here is my original post:
    http://forums.majorgeeks.com/showthread.php?t=153720

    Also, Combotools would stall out and I am guessing because it couldn't kill the pop-up. I finally got it to run by restarting the computer and running Combo before the pop-up returned.
     

    Last edited: Mar 18, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot the log from SUPERAntispyware; however, I don't think we need it. It is quite possible that your popups are just due to having an old non-updated version of Win XP running which still has Windows Messenger installed.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Did the above help?
     
  3. thebatpeople

    thebatpeople Private E-2

    Didn't forget to add it but I forgot to mention that there wasn't one created that I could add. I will recheck the options and see if maybe the default was for no log, then run it again.

    I tried the tool but got an error while running it.

    Error Unregistering the OCX 16422

    I clicked ok and it claimed Messenger was removed but I am still getting the pop-ups.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to create the log per the instructions given.


    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    After clicking Fix, exit HJT.


    Let's make sure.
    1. Copy the boldface sentence below. (To copy the sentence, highlight it with your mouse, right-click it, and choose Copy from the pop-up menu.)
      • RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
    2. Click the Start button, choose Run, and paste the sentence into the "Open" box. (To paste it, right-click inside the "Open" box and choose Paste.)
    3. Close your Internet browser, MSN, Windows Messenger, and Outlook Express, if they're running.
    4. Now click the Run window's OK button.
    5. Now restart your PC.
    Are you still getting popups? If so, do they occur if no browsers and no email programs are opened? Do they occur if you boot your PC in safe mode?
     
  5. thebatpeople

    thebatpeople Private E-2

    I remember why I didn't create the SAS log. It didn't detect anything. Attached the new scan.

    Did the Hijack This.

    I ran the last part and got an error in the Rundll:
    Error in advpack
    Missing entry

    When do the pop-ups occur?
    Anytime. First time I noticed them the computer had been sitting idle for a couple of days. They will start about 5 minutes after boot up whether you run anything or not. If I don't click ok for each one, I get a back log of them.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Go to the below folder using Windows Explorer:

    C:\Program Files\Messenger

    Now locate the msmsgs.exe file and right click on it and select rename. Change the name to msmsgs.eee

    Also if you see this file MSMSGSIN.EXE rename it to MSMSGSIN.EEE

    Now reboot your PC.

    Are you still getting popups? Did you get any error messages after reboot? If you did, give me the exact message.

    And as I asked last time which you did not answer, do they occur in safe boot mode?
     
