0

My friend got a virus on his computer some time ago. It's called MSRun32.exe, and it is absolutely wreaking havoc on his computer. Really, if it were any slower, time would be going backwards for it. I got rid of the virus, but I hadn't realized at the time that it also infects USB drives, one of which was plugged in to the computer.
After getting rid of it, I plugged it in again, and CATASTROPHE struck... it's become painfully slow... again.... I ran ComboFix and here is the log:

ComboFix 08-12-28.03 - Administrator 2008-12-29 17:51:01.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.503.317 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\autorun.ini
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\internet.fne
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
D:\Autorun.inf
D:\Shortcut to Turbo C++ IDE.pif
D:\xih9.cmd

----- BITS: Possible infected sites -----

hxxp://nxpagent.airtelbroadband.in
.
(((((((((((((((((((((((((   Files Created from 2008-11-28 to 2008-12-29  )))))))))))))))))))))))))))))))
.

2008-12-26 13:17 . 2008-02-04 12:25	1,900,305	-rahs----	c:\windows\system32\MsRun32.exe
2008-12-26 13:17 . 2008-02-04 12:25	1,900,305	--a------	c:\windows\MsRun32.exe
2008-12-23 15:42 . 2008-12-23 15:42	<DIR>	d--------	c:\windows\Sun
2008-12-23 14:29 . 2008-12-23 14:29	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\KillProcess
2008-12-22 19:50 . 2008-02-04 12:25	1,900,305	--a------	c:\windows\MsR2.exe.byebye
2008-12-22 13:50 . 2008-12-22 13:50	16,244	--a------	c:\windows\system32\rrt_is.wav
2008-12-22 13:50 . 2008-12-22 13:50	7,302	--a------	c:\windows\system32\rrt_vf.wav
2008-12-22 13:50 . 2008-12-22 13:50	7,148	--a------	c:\windows\system32\rrt_tv.wav
2008-12-22 13:50 . 2008-12-22 13:50	6,282	--a------	c:\windows\system32\rrt_tn.wav
2008-12-22 12:39 . 2008-12-22 12:39	<DIR>	d--------	c:\program files\Trend Micro
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\program files\CCleaner
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-22 12:31 . 2008-12-03 19:52	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 12:31 . 2008-12-03 19:52	15,504	--a------	c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 12:14	---------	d-----w	c:\documents and settings\All Users\Application Data\avg7
2008-12-29 12:14	---------	d-----w	c:\documents and settings\Administrator\Application Data\AVG7
2008-12-22 07:22	---------	d-----w	c:\program files\Yahoo!
2008-11-22 08:11	---------	d-----w	c:\documents and settings\Administrator\Application Data\dvdcss
2008-11-21 14:09	---------	d-----w	c:\program files\Google
2008-11-17 20:04	2,306,113	----a-w	c:\windows\system32\GPhotos.scr
2008-11-08 07:36	16,896	--sh--w	c:\windows\system32\winocreg.exe
2008-08-15 09:26	44,937,600	----a-w	c:\program files\S-CNX2__-200WF-NSAEN.exe
2008-02-04 06:55	1,900,305	--sha-r	c:\windows\system32\MsRun32.exe
2001-12-31 18:34	15,872	--sh--w	c:\windows\system32\winqcreg.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MSN Messengger"="c:\windows\system32\MsRun32.exe" [2008-02-04 1900305]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"nxpclient"="c:\program files\Airtel\NetXpert\bin\sprtcmd.exe" [2007-12-06 202016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-23 185896]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2002-10-15 20:35 114688 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 21:58 4269296 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneTick]
--a------ 2008-07-08 16:14 319488 d:\program files\ZoneTick\zonetick.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\Airtel\NetXpert\bin\sprtsvc.exe /service /p nxpclient []
R2 ZTime;ZoneTick Time;"d:\program files\ZoneTick\timesync.exe" [2008-07-08 61440]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\DRIVERS\slnt.sys [2002-01-01 18004]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{107dc408-cff6-11dd-9387-00e020753450}]
\Shell\AutoRun\command - F:\MsRun32.exe
\Shell\Open\command - F:\MsRun32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d516f32-ad67-11dd-930e-00e020753450}]
\Shell\AutoRun\command - F:\sq.com
\Shell\explore\Command - F:\
\Shell\open\Command - F:\sq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8caf9cda-fe1c-11d5-9137-92faa5631e75}]
\Shell\AutoRun\command - F:\MsRun32.exe
\Shell\Open\command - F:\MsRun32.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2001-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\s853dhk7.exe []

2008-09-26 c:\windows\Tasks\At10.job
- c:\windows\system32\s853dhk7.exe []

2008-08-30 c:\windows\Tasks\At11.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At12.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At13.job
- c:\windows\system32\s853dhk7.exe []

2008-12-29 c:\windows\Tasks\At14.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At15.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At16.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At17.job
- c:\windows\system32\s853dhk7.exe []

2008-12-29 c:\windows\Tasks\At18.job
- c:\windows\system32\s853dhk7.exe []

2008-11-22 c:\windows\Tasks\At19.job
- c:\windows\system32\s853dhk7.exe []

2001-12-31 c:\windows\Tasks\At2.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At20.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At21.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At22.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At23.job
- c:\windows\system32\s853dhk7.exe []

2008-12-14 c:\windows\Tasks\At24.job
- c:\windows\system32\s853dhk7.exe []

2001-12-31 c:\windows\Tasks\At25.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At26.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At27.job
- c:\windows\system32\fscC6137.exe []

2008-09-11 c:\windows\Tasks\At28.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At29.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At3.job
- c:\windows\system32\s853dhk7.exe []

2001-12-31 c:\windows\Tasks\At30.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At31.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At32.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At33.job
- c:\windows\system32\fscC6137.exe []

2008-09-26 c:\windows\Tasks\At34.job
- c:\windows\system32\fscC6137.exe []

2008-08-30 c:\windows\Tasks\At35.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At36.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At37.job
- c:\windows\system32\fscC6137.exe []

2008-12-29 c:\windows\Tasks\At38.job
- c:\windows\system32\fscC6137.exe []

2008-12-23 c:\windows\Tasks\At39.job
- c:\windows\system32\fscC6137.exe []

2008-09-11 c:\windows\Tasks\At4.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At40.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At41.job
- c:\windows\system32\fscC6137.exe []

2008-12-29 c:\windows\Tasks\At42.job
- c:\windows\system32\fscC6137.exe []

2008-11-22 c:\windows\Tasks\At43.job
- c:\windows\system32\fscC6137.exe []

2008-12-28 c:\windows\Tasks\At44.job
- c:\windows\system32\fscC6137.exe []

2008-12-28 c:\windows\Tasks\At45.job
- c:\windows\system32\fscC6137.exe []

2008-12-23 c:\windows\Tasks\At46.job
- c:\windows\system32\fscC6137.exe []

2008-12-23 c:\windows\Tasks\At47.job
- c:\windows\system32\fscC6137.exe []

2008-12-14 c:\windows\Tasks\At48.job
- c:\windows\system32\fscC6137.exe []

2008-12-05 c:\windows\Tasks\At49.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2001-12-31 c:\windows\Tasks\At5.job
- c:\windows\system32\s853dhk7.exe []

2008-12-05 c:\windows\Tasks\At50.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At51.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-09-11 c:\windows\Tasks\At52.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At53.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At54.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At55.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At56.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-24 c:\windows\Tasks\At57.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-09-26 c:\windows\Tasks\At58.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-08-30 c:\windows\Tasks\At59.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2001-12-31 c:\windows\Tasks\At6.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At60.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-24 c:\windows\Tasks\At61.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-29 c:\windows\Tasks\At62.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-23 c:\windows\Tasks\At63.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-28 c:\windows\Tasks\At64.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-24 c:\windows\Tasks\At65.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-29 c:\windows\Tasks\At66.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-11-22 c:\windows\Tasks\At67.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-28 c:\windows\Tasks\At68.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-28 c:\windows\Tasks\At69.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2001-12-31 c:\windows\Tasks\At7.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At70.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-23 c:\windows\Tasks\At71.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-14 c:\windows\Tasks\At72.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-10 c:\windows\Tasks\At73.job
- c:\windows\system32\im348Pwf.exe []

2008-12-05 c:\windows\Tasks\At74.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At75.job
- c:\windows\system32\im348Pwf.exe []

2008-09-11 c:\windows\Tasks\At76.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At77.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At78.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At79.job
- c:\windows\system32\im348Pwf.exe []

2001-12-31 c:\windows\Tasks\At8.job
- c:\windows\system32\s853dhk7.exe []

2008-07-23 c:\windows\Tasks\At80.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At81.job
- c:\windows\system32\im348Pwf.exe []

2008-09-26 c:\windows\Tasks\At82.job
- c:\windows\system32\im348Pwf.exe []

2008-08-30 c:\windows\Tasks\At83.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At84.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At85.job
- c:\windows\system32\im348Pwf.exe []

2008-12-29 c:\windows\Tasks\At86.job
- c:\windows\system32\im348Pwf.exe []

2008-12-23 c:\windows\Tasks\At87.job
- c:\windows\system32\im348Pwf.exe []

2008-12-28 c:\windows\Tasks\At88.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At89.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At9.job
- c:\windows\system32\s853dhk7.exe []

2008-12-29 c:\windows\Tasks\At90.job
- c:\windows\system32\im348Pwf.exe []

2008-11-22 c:\windows\Tasks\At91.job
- c:\windows\system32\im348Pwf.exe []

2008-12-28 c:\windows\Tasks\At92.job
- c:\windows\system32\im348Pwf.exe []

2008-12-28 c:\windows\Tasks\At93.job
- c:\windows\system32\im348Pwf.exe []

2008-12-23 c:\windows\Tasks\At94.job
- c:\windows\system32\im348Pwf.exe []

2008-12-23 c:\windows\Tasks\At95.job
- c:\windows\system32\im348Pwf.exe []

2008-12-14 c:\windows\Tasks\At96.job
- c:\windows\system32\im348Pwf.exe []
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\GetFlash.exe
ShellExecuteHooks-{650CA63D-4A01-4BF8-A608-9B1EBB36292E} - (no file)
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {4771EFAF-B82F-48BC-936A-77C9A013592D} = 203.145.184.32,203.145.184.13
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fskwpc8y.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 

**************************************************************************
.
Completion time: 2008-12-29 17:53:58
ComboFix-quarantined-files.txt  2008-12-29 12:23:55

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

356

I also ran HijackThis, and nothing seemed to be wrong with it... although there was a reference to MSRun32.exe (F2), which I removed. I also ran Malwarebytes, although it did not pick up anything...

Could someone help me with this...?

[EDIT] The MSRun32.exe.byebye was done by me... I had renamed it in the hope that it could be deleted.

3 Contributors, 3 Replies, 4 Views, 8 Years Discussion Span, Last Post by caperjack
0

This infects the computer via USB media drives and instant messaging clients: Yahoo! Instant Messenger, Microsoft Windows Live Messenger and AOL IM. You also have to clean the USB drive; if you don't, each time you plug it in you will re-infect the entire computer.
I also must again caution against using ComboFix unless first being directed to do so by a helper on a forum like this one. It is for use only in special circumstances; incorrect use can definitely damage key system files.
When you run these scans...anti-virus for one thing, MBA-M for another, they must be updated and scans must be run on ALL DRIVES INCLUDING the USB drive.

0

I was in fact aware that MSRun32.exe infects the computer via the USB/Flash drives. I got rid of it once, but at the time I hadn't realised my USB device was still attached to the computer. The next time I plugged it in to my computer, it re-infected it. I did run MBA-M on all drives (I have only C:, D: and the USB), but it did not show any virus or anything, even on the Full Scan.
Besides MSRun32.exe, there were several highly dangerous trojans and viruses on it, like sq.com, which I thought need to be removed with ComboFix (I read this on another forum). After doing all these steps, I still have the virus on the computer...
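
The reinfection path discussed in this thread can be read straight from the posted log: the MountPoints2 keys record an AutoRun command for the USB volume, and the At*.job tasks all point at a few executables. The Python below is an added example (not part of any post, and not ComboFix's own code) that extracts both from an abridged excerpt of that log; the function names are hypothetical, and an empty `[]` after a task target is treated only as "no timestamp reported".

```python
import re
from collections import Counter

# Abridged excerpt of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{107dc408-cff6-11dd-9387-00e020753450}]
\Shell\AutoRun\command - F:\MsRun32.exe
\Shell\Open\command - F:\MsRun32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d516f32-ad67-11dd-930e-00e020753450}]
\Shell\AutoRun\command - F:\sq.com
\Shell\explore\Command - F:\
\Shell\open\Command - F:\sq.com

2001-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\s853dhk7.exe []

2008-09-26 c:\windows\Tasks\At10.job
- c:\windows\system32\s853dhk7.exe []

2008-12-05 c:\windows\Tasks\At49.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]
"""

MOUNT_KEY = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\\w+\\command - (.+)$", re.I)
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} .*\\Tasks\\At\d+\.job$", re.I)
JOB_TARGET = re.compile(r"^- (.+?) \[(.*)\]$")
EXECUTABLE = re.compile(r"\.(exe|com|cmd|bat|pif|scr)$", re.I)


def mountpoint_autoruns(log):
    """Map each MountPoints2 volume GUID to the programs its shell verbs launch."""
    found, guid = {}, None
    for line in map(str.strip, log.splitlines()):
        key = MOUNT_KEY.match(line)
        if key:
            guid = key.group(1).lower()
        elif not line or line.startswith("["):
            guid = None  # a blank line or another registry key ends the block
        elif guid:
            cmd = SHELL_CMD.match(line)
            # Verbs that only open the drive root (e.g. "F:\") are ignored.
            if cmd and EXECUTABLE.search(cmd.group(1)):
                found.setdefault(guid, set()).add(cmd.group(1))
    return {g: sorted(t) for g, t in found.items()}


def at_job_targets(log):
    """Map each At*.job target to (number of jobs, timestamp reported?)."""
    counts, stamped, pending = Counter(), {}, False
    for line in map(str.strip, log.splitlines()):
        target = JOB_TARGET.match(line) if pending else None
        if target:
            counts[target.group(1)] += 1
            stamped[target.group(1)] = bool(target.group(2))
        pending = bool(JOB_LINE.match(line))  # target is on the next line
    return {path: (n, stamped[path]) for path, n in counts.items()}


if __name__ == "__main__":
    for guid, programs in mountpoint_autoruns(SAMPLE_LOG).items():
        print("autorun on volume", guid, "->", ", ".join(programs))
    for path, (n, has_stamp) in at_job_targets(SAMPLE_LOG).items():
        print(f"{n} At job(s) -> {path} (timestamp reported: {has_stamp})")
```

Run over the full log from the first post, the second function collapses the 96 At jobs to four targets, which is quicker to review than the raw list.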
