Windows 7 Forums



Windows 7: msconfig.exe trojan?

07 Jul 2010   #1
plout

windows 7 home premium 64bit
 
 
msconfig.exe trojan?

Hello guys, I use Malwarebytes to scan my laptop, and lately every time it finds the same problems, which it deletes but they reappear.
Here are the results:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4288

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08/07/2010 03:26:02
mbam-log-2010-07-08 (03-26-02).txt

Scan type: Quick scan
Objects scanned: 126992
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\mina\AppData\Roaming\msconfig\msconfig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.


I typed msconfig the first time and this appeared:
Yes HKCU:Run BrowserChoice "C:\Windows\System32\browserchoice.exe" /run

Yes HKLM:Run IAStorIcon C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run ISBMgr.exe "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
Yes HKLM:Run McENUI C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
Yes HKLM:Run NortonOnlineBackupReminder "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
Yes HKLM:Run PMBVolumeWatcher C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
Yes HKLM:Run MarketingTools C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
Yes HKLM:Run mcagent_exe "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run SunJavaUpdateSched "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run Malwarebytes Anti-Malware (reboot) "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Yes HKLM:Run IgfxTray C:\Windows\system32\igfxtray.exe
Yes HKLM:Run HotKeysCmds C:\Windows\system32\hkcmd.exe
Yes HKLM:Run Persistence C:\Windows\system32\igfxpers.exe
Yes HKLM:Run RtHDVCpl C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run Apoint %ProgramFiles%\Apoint\Apoint.exe
Yes Startup Common Bluetooth.lnk C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe


Plus another HKCU (which I tried to untick at startup) where it said No next to it, but I can't find it anymore. It was some kind of msconfig.exe Facebook hack... a program like that.

And I also deleted a file folder: msconfig, size: 432KB and origin: Roaming.

Any suggestions?
The antivirus can't find anything.



09 Jul 2010   #2
zigzag3143

Win 8 Release candidate 8400
 
 


I am afraid this isn't going to be much help, but anytime I get anything that even remotely smells like a virus, I do a clean install. It is the only way to be sure it is gone.

Ken
09 Jul 2010   #3
Dinesh

Windows® 8 Pro (64-bit)
 
 

Scan your computer with Hitman Pro.
Download link: Downloads - SurfRight


09 Jul 2010   #4
plout

windows 7 home premium 64bit
 
 

Quote: Originally Posted by Dinesh
Scan your computer with Hitman Pro.
Download link: Downloads - SurfRight

Thank you for this program.

Here are the results:

<Log computer="MINA-VAIO" scan="Normal" version="3.5.6.106" date="2010-07-09T21:58:29" timeSpentInSecs="108" filesProcessed="12926">
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Users\mina\AppData\Roaming\Microsoft\Windows\Cookies\mina@atdmt[2].txt" />
  </Item>
  <Item type="Malware" malwareName="Trojan" score="112.0" status="Deleted">
    <Scanners>
      <Scanner id="G Data" name="Trojan.Generic.4129350 (Engine-A)" />
      <Scanner id="Prevx" name="High Risk System Back Door" />
      <Scanner id="DrWeb" name="BackDoor.IRC.Bot.370" />
    </Scanners>
    <File path="C:\Users\mina\AppData\Roaming\msconfig\msconfig.exe" hash="9EC272C13474DA8AAE34CE3A6AF003FB4E7E515689D05F26F5C6F27161CE169D" />
    <Startup>
      <Key path="HKU\S-1-5-21-2082827157-3937510034-990673929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU" />
    </Startup>
  </Item>
</Log>

It's a trojan. I'll restart the PC to see if it's gone.
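
The pattern both scan logs point at (a Run value launching a file named after a Windows tool from the user's AppData folder) can be checked for in a startup listing. This is an added example, not part of the original thread: the entries are constructed from lines in the posts above (the `hkcu` value is paired with the file as in the Hitman Pro item), and the short list of system tool names is an assumption.

```python
import ntpath
import re

# Assumption: a short, illustrative list of Windows tool names and their real homes.
SYSTEM_NAMES = {"msconfig.exe", "svchost.exe", "explorer.exe", "lsass.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local|locallow)\\")
# Executable = quoted string, or (unquoted paths may contain spaces) the text up to
# the first program extension that is followed by whitespace or end of line.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr)))(?:\s|$)', re.I)

# Constructed sample: (location, value name, command) taken from the thread's listings.
SAMPLE_ENTRIES = [
    ("HKCU:Run", "BrowserChoice", r'"C:\Windows\System32\browserchoice.exe" /run'),
    ("HKLM:Run", "IAStorIcon",
     r"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"),
    ("HKLM:Run", "McENUI", r"C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide"),
    ("HKLM:Run", "HotKeysCmds", r"C:\Windows\system32\hkcmd.exe"),
    ("HKCU:Run", "hkcu", r"C:\Users\mina\AppData\Roaming\msconfig\msconfig.exe"),
]

def exe_path(command):
    """Return the program path from a Run command line, or None if unparseable."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else None

def triage(entries):
    """Return (value name, path, reasons) for each entry worth a closer look."""
    findings = []
    for _location, name, command in entries:
        path = exe_path(command)
        if path is None:
            findings.append((name, command, ["command line could not be parsed"]))
            continue
        folder, base = ntpath.split(ntpath.normpath(path).lower())
        reasons = []
        if USER_WRITABLE.match(folder + "\\"):
            reasons.append("runs from user-writable AppData")
        if base in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            reasons.append("Windows tool name outside the Windows directories")
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_ENTRIES):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A flagged entry is a lead for the scanner or a manual check, not a verdict; legitimate software also starts from AppData.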
09 Jul 2010   #5
plout

windows 7 home premium 64bit
 
 

Excellent! Malwarebytes doesn't find it anymore.

Although it found these, I don't know if it's the new program installed.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4288

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/07/2010 22:14:45
mbam-log-2010-07-09 (22-14-45).txt

Scan type: Quick scan
Objects scanned: 126886
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\mina\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
09 Jul 2010   #6
Dinesh

Windows® 8 Pro (64-bit)
 
 

The virus is deleted.