Windows 7 Forums


Windows 7: msconfig.exe trojan?


07 Jul 2010   #1

windows 7 home premium 64bit
 
 
msconfig.exe trojan?

Hello guys, I use Malwarebytes to scan my laptop, and lately every time it finds the same problems, which it deletes but they reappear.
Here are the results:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4288

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08/07/2010 03:26:02
mbam-log-2010-07-08 (03-26-02).txt

Scan type: Quick scan
Objects scanned: 126992
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\mina\AppData\Roaming\msconfig\msconfig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.


I typed msconfig the first time and this appeared:
Yes HKCU:Run BrowserChoice "C:\Windows\System32\browserchoice.exe" /run

Yes HKLM:Run IAStorIcon C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run ISBMgr.exe "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
Yes HKLM:Run McENUI C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
Yes HKLM:Run NortonOnlineBackupReminder "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
Yes HKLM:Run PMBVolumeWatcher C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
Yes HKLM:Run MarketingTools C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
Yes HKLM:Run mcagent_exe "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run SunJavaUpdateSched "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run Malwarebytes Anti-Malware (reboot) "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Yes HKLM:Run IgfxTray C:\Windows\system32\igfxtray.exe
Yes HKLM:Run HotKeysCmds C:\Windows\system32\hkcmd.exe
Yes HKLM:Run Persistence C:\Windows\system32\igfxpers.exe
Yes HKLM:Run RtHDVCpl C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run Apoint %ProgramFiles%\Apoint\Apoint.exe
Yes Startup Common Bluetooth.lnk C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe


Plus another HKCU entry (which I tried to untick at startup) where it said No next to it, but I can't find it anymore. It was some kind of msconfig.exe Facebook hack... a program like that.

I also deleted a file folder: msconfig, size: 432KB, origin: Roaming.

Any suggestions?
The antivirus can't find anything.


09 Jul 2010   #2

Win 8 Release candidate 8400
 
 

I am afraid this isn't going to be much help, but anytime I get anything that even remotely smells like a virus, I do a clean install. It is the only way to be sure it is gone.

Ken
09 Jul 2010   #3

Windows® 8 Pro (64-bit)
 
 

Scan your computer with Hitman Pro.
Download link: Downloads - SurfRight


09 Jul 2010   #4

windows 7 home premium 64bit
 
 

Quote: Originally Posted by Dinesh
Scan your computer with Hitman Pro.
Download link: Downloads - SurfRight
Thank you for this program.

Here are the results:

<Log computer="MINA-VAIO" scan="Normal" version="3.5.6.106" date="2010-07-09T21:58:29" timeSpentInSecs="108" filesProcessed="12926">
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Users\mina\AppData\Roaming\Microsoft\Windows\Cookies\mina@atdmt[2].txt" />
  </Item>
  <Item type="Malware" malwareName="Trojan" score="112.0" status="Deleted">
    <Scanners>
      <Scanner id="G Data" name="Trojan.Generic.4129350 (Engine-A)" />
      <Scanner id="Prevx" name="High Risk System Back Door" />
      <Scanner id="DrWeb" name="BackDoor.IRC.Bot.370" />
    </Scanners>
    <File path="C:\Users\mina\AppData\Roaming\msconfig\msconfig.exe" hash="9EC272C13474DA8AAE34CE3A6AF003FB4E7E515689D05F26F5C6F27161CE169D" />
    <Startup>
      <Key path="HKU\S-1-5-21-2082827157-3937510034-990673929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU" />
    </Startup>
  </Item>
</Log>





It's a trojan. I'll restart the PC to see if it's gone.
09 Jul 2010   #5

windows 7 home premium 64bit
 
 

Excellent! Malwarebytes doesn't find it anymore.

Although it found these, I don't know if it's the new program installed.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4288

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/07/2010 22:14:45
mbam-log-2010-07-09 (22-14-45).txt

Scan type: Quick scan
Objects scanned: 126886
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\mina\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\mina\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
09 Jul 2010   #6

Windows® 8 Pro (64-bit)
 
 

The virus is deleted.
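
Added example (not part of any post in this thread): the scans above tie an HKCU Run value to msconfig.exe sitting in AppData\Roaming, a system tool's name in a user-writable folder. The Python sketch below applies that check to autorun entries; the entry list is constructed from the logs in the thread (the command stored in the "hkcu" value is an assumption), the list of system binary names is a small sample, and Windows is assumed to be installed in C:\Windows.

```python
import ntpath
import re

# Small sample of names that ship with Windows (assumption: not exhaustive).
SYSTEM_NAMES = {"msconfig.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
                "csrss.exe", "lsass.exe", "services.exe", "taskmgr.exe"}
# Folders where those names are expected (assumes Windows lives in C:\Windows).
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# Run-key commands are either quoted, or unquoted with spaces in the path,
# so take the quoted string or everything up to the first executable extension.
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$))', re.I)

def image_path(command):
    """Return the executable path from a Run-key command line, or None."""
    m = IMAGE_RE.match(command)
    if m is None:
        return None
    return m.group(1) or m.group(2)

def assess(command):
    """Return a list of findings for one autorun command (empty if none)."""
    path = image_path(command)
    if path is None:
        return ["unparsed command"]
    low = path.lower()
    folder, name = ntpath.split(low)
    findings = []
    if any(marker in low for marker in USER_WRITABLE):
        findings.append("user-writable directory")
    if name in SYSTEM_NAMES and folder not in TRUSTED_DIRS:
        findings.append("system binary name outside Windows directory")
    return findings

def flag_entries(entries):
    """Keep only the (hive, value name, findings) tuples that have findings."""
    flagged = []
    for hive, value, command in entries:
        findings = assess(command)
        if findings:
            flagged.append((hive, value, findings))
    return flagged

# Constructed sample built from the startup list and scan logs in the thread.
SAMPLE = [
    ("HKCU", "hkcu", r"C:\Users\mina\AppData\Roaming\msconfig\msconfig.exe"),
    ("HKCU", "BrowserChoice", r'"C:\Windows\System32\browserchoice.exe" /run'),
    ("HKLM", "McENUI", r"C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide"),
    ("HKLM", "IAStorIcon", r"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"),
    ("HKLM", "IgfxTray", r"C:\Windows\system32\igfxtray.exe"),
]

if __name__ == "__main__":
    for hive, value, findings in flag_entries(SAMPLE):
        print(hive, value, "; ".join(findings))
```

A finding here is a reason to look closer, not a verdict: plenty of legitimate software starts from AppData, so the name mismatch is the stronger signal of the two.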