Virus.. Please help

rsta

Hi there,

I think that I've got a virus on my laptop. I've got a Dell inspiron 1300 and of the 4 lights on the front left hand side of the laptop the 2nd one is flashing very fast. this is not normal... the symbol for that light looks like a little barrel or something (its between the power symbol and the battery symbol)

I've ran a stinger search for a virus and ran the AVG scan too and nothing has come up.

I restarted and this message came up as a pop-up:

Msmsgs.exe – Application Error
The instruction at “0x77e7c118” referenced memory at “0x000e5120”. The memory could not be “written”.
Click on OK to terminate the program

Then I did a system restore and the light is still flashing...

This message came up before I restarted again said something similar to above message but instead it was

jusched.exe
and similar writing which i didnt get time to write down.

Please help... I'm afraid of getting a dialler or some other awful virus.

BopNiblets

That's the hard drive light, it means something is reading or writing something from your hard drive (which is very normal) and should be completely harmless depending on what applications you're using.

Msmsgs.exe is just MSN Messenger and justsched.exe is a useless Java thing that runs at startup.

Update your AVG and maybe download Adaware and Spybot (see software stickied thread) then update them and scan, it doesn't sound like a virus to me.
I also recommend SpywareBlaster, it blocks and prevents all kinds of nasty stuff from getting in in the first place.

Also, if you don't have a Firewall already, Comodo is good, link in my sig.

sozbox

Hi,

Both those processes are completely safe.
Msmsgs.exe is related to MSN Messenger and jusched.exe is related to Java.

I really doubt you have a virus, instead I suspect a hardware problem, RAM related perhaps.
Have you added any extra hardware recently?

For starters, download Memtest86+ and test your RAM for defects. The page has a number of download options, I usually recommend the floppy or USB version.

Post back if you need more help.

rsta

Thanks Bop and Jason.

I left my laptop alone for about 10 mins and my sister came in and closed down the scan I was doing and logged me off so she could check her flippin email... :mad:

So don't know where I am now.. going to run scan again.

I been searching on the net and found this check out this link:

http://www.neuber.com/taskmanager/process/msmsgs.exe.html

so now that has worried me.. what do you think??

ActorSeeksJob

Doesn't sound like you have a virus, but if you want to be 100% sure then a HJT log will tell us all we need to know.

Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessable, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

Open HijackThis and click Do a system scan and save a log file. Copy the entire contents of that log and post it here

sozbox

This us useful if you ever need information on a running Windows process.

rsta

Logfile of HijackThis v1.99.1
Scan saved at 18:34:08, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rsta\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://llyn.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



....here's hoping

5uspect

Running AVG and Mcafee together is probably not a good idea.
Can cause conflicts...

ActorSeeksJob

Nothing wrong with your pc mate. Also while malware can try name itself like legit programs, eg Msmsgs.exe which can be bad, you can see in the log below that you have the legit proper MSMGS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

There's a few housekeeping things we can do.

You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE) 6, and install it to your computer.
http://java.sun.com/javase/downloads/index.jsp
Download Java Runtime Environment (JRE) 6u1 > Accept License Agreement > Download Windows Offline Installation, Multi-language jre-6u1-windows-i586-p.exe 13.16 MB

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html

Also like the person above said, it's a very bad idea to run two anti-virus programs @ once. It can lead to conflicts and slow your pc down a lot. I recommend you uninstall McAfee. So go to start > control panel > add or remove programs > remove McAfee or AVG anti-virus

rsta

ActorSeeksJob wrote:

There's a few housekeeping things we can do.

You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE) 6, and install it to your computer.
http://java.sun.com/javase/downloads/index.jsp
Download Java Runtime Environment (JRE) 6u1 > Accept License Agreement > Download Windows Offline Installation, Multi-language jre-6u1-windows-i586-p.exe 13.16 MB

Thanks Actor, i've removed the old java and added the new as above. Except I picked the online version.... Should I remove it and pick the off line one??

ActorSeeksJob wrote:

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html

Also like the person above said, it's a very bad idea to run two anti-virus programs @ once. It can lead to conflicts and slow your pc down a lot. I recommend you uninstall McAfee. So go to start > control panel > add or remove programs > remove McAfee or AVG anti-virus

Cheers for the link to Adobe, I updated with that link you gave me.

But I've gotten into a problem with McAfee, it wont let me remove it. I've tried to but it says its runs into a problem and won't delete.

Thanks so much for all the help.

ActorSeeksJob

Na either version of java is fine. Let me get back to you concerning McAfee, you may have to get rid of AVG instead..

rsta

Grand thanks,
also I deleted that Stng programe I had too cos it doesn't seem to be much good.

ActorSeeksJob

Try this for McAfee, click Start > Run > Type Services.msc > click ok > find McAfee WSC Integration > right click it, click properties > go down to Start up type and change it to disabled.

Do these exact same steps for these :

McAfee Task Scheduler
McAfee SecurityCenter Update Manager

Then reboot your pc, go to Add or Remove Programs, and remove McAfee Security Center/mcafee.com or whatever its called.

Tell me if this works.

rsta

I did exactly as stated above. But the following message is displayed after I try to uninstall/remove

An error occurred while uninstalling McAfee SecurityCentre



I've deleted AVG from the desktop already and uninstalled it from the Add/Remove programe

5uspect

TBH AVG is much better than McAfee, it has a smaller performance foot print, and its free so you won't run into the "i'll buy the subscription next month" trap and get caught with a virus.

Like Norton, its a bitch to get rid of, just like a virus...

EDIT msnmgs.exe is an unnecessary part of windows (its not msn messenger which is msnmgr.exe) and can just be disables in services.


Also to uninstall McAfee you may meed to do it in safe mode which can be accesses by hitting F8 at the BIOS splash screen.

ActorSeeksJob

This link should work for getting rid of McAfee
http://ts.mcafeehelp.com/displaydoc.asp?frames=1&docid=408302&CategoryId=107187

If this works, redownload AVG anti-virus and install it again
Tell me if you got rid of McAfee, if you did, then also post a new HijackThis log here

rsta

Actor,

Finally got around to doing that link to remove McAfee. I think it worked.

Thanks a million for all the help. Very much appreciated. I'll keep this thread handy.

5uspect

Don't forget to put AVG back on!

ActorSeeksJob

no problem at all mate. good to hear that ya finally got rid of mcafee(im not a fan of their software). Below I have included a number of recommendations for how to protect your computer against malware infections.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all

* SpywareGuard offers realtime protection from spyware installation attempts.

* I recommend the following anti-spyware programs to protect yourself against spyware, make sure you only use one real-time anti-spyware protection program though :
AVG anti-spyware
Spybot - Search and Destroy
Ad-Aware SE Personal

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Some good free firewalls are ZoneAlarm, Kerio, or
Outpost
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

Here are some good programs, make sure you only use one though :
AVG makes an excellent free antivirus client, as do AntiVir or avast!.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

I use SpywareGuard, SpywareBlaster, AVG anti-spyware, and Kaspersky anti-virus and I have never had any trouble in years.

rsta

Ah I totally forgot to post a big Thank You at the end of this post...

So Thanks for all your help. I'm confident now my comp is safe and sound.

I've got AVG7 Anti-virus reinstalled, zonealarm firealarm and Ad-Aware SEPersonal Anti-spyware. Happy out I think.

Cheers