MSE Worm:Win32/Ainslot32.A


  1. Posts : 21
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
       #1

    MSE Worm:Win32/Ainslot32.A


    Mse Keeps giving me an alert on this worm. I have deleted and quarantined it but shows up on each reboot. Ithink it is some how connected to this C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe as after deleting or quarantine MSE wants to send this for asessment to detemine if it is malacious. Anyone knows how to best rid the worm and as to wheter file is malicious. Any and all help will be greatly appreciated. runing Win 7 Pro 64
      My Computer


  2. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #2

    Hi! FrostyAMD, welcome to 7F :)

    You sure caught a new one it took me a while to track this one down. Kaspersky, and Trend-Micro do have Aliases.

    See:
    Encyclopedia entry: Worm:Win32/Ainslot.A - Learn more about malware - Microsoft Malware Protection Center
    Please read the whole page.

    One of the first things you want to do is stop Autoruns:and then do not use any portable devices until you are sure they are dis-infected!

    Then disable, System Restore:
    System Restore - Enable or Disable and delete any that remain: System Protection Restore Points - Delete

    Do you have any anti-virus Programs other than MSE?

    There is one at the bottom of the first link I provided:
    https://onecare.live.com/site/en-us/default.htm

    Then:Malwarebytes Do not worry, it will redirect you to Major Geeks.

    Make sure any scanners you run are up to date!
    You would do well to run them in safe mode, and or safe mode with networking, although you might not be able to run Onecare that way.

    Do you have the newest version of MSE: 2.0.657.0? If not force an upgrade.

    Is your OS up to date? If your not sure go to Windows update in Control Panel, and force one.
    Last edited by Brink; 18 Feb 2012 at 13:56. Reason: broken link removed
      My Computer


  3. Posts : 21
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #3

    Got MSE 2.0.657.0 did the peliminary stuff off to run MSE and MBAM in safe mode Thank you I'll report back
      My Computer


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    You may want to give this a try:

    Norton Power Eraser. It now also does a rootkit scan

    http://security.symantec.com/nbrt/npe.asp?lcid=1033

    Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect.
    Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.
    You can also try using a rescue boot disk, which will load before the sys does and attempt to clean/repair. There are several choices...

    Kaspersky
    http://www.softpedia.com/get/Antivir...cue-Disk.shtml

    AVG
    http://www.avg.com/us-en/avg-rescue-cd

    Avira
    http://www.avira.com/en/support-down...-rescue-system
      My Computer


  5. Posts : 21
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #5

    thanks for the help. Problem solved with running both MSE and Malwarebytes in safe mode ! Thanks again
      My Computer


  6. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #6

    That is good to hear!


    • Did you check your portable devices?
    • Re-enable and create a system restore point after you deleted all the old points?
    • Check and re-adjust Autoruns for what is allowed to run?
    • Did you have to use Borg's Norton Power Eraser

    Try to remember how this may have happened, so it doesn't happen again.

    You could help by going up to the red triangle, and asking one of the Admins or Mods to mark this solved with a green check-mark.
      My Computer


  7. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #7

    Hi Joules!
    Did you have any problems differentiating between the good files and bad? I'm planning on using it myself.

    Do you know if it left any traces of itself?
      My Computer


  8. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #8

    Anak said:

    Then disable, System Restore:
    System Restore - Enable or Disable and delete any that remain: System Protection Restore Points - Delete
    FYI, it is not a good recommendation to disable System Restore. If there is a false/positive during clean-up or a critical file removed, the only option at that point may be a complete format and fresh install. Although a clean install may be a wise move with certain types of malware, the option to save critical documents may well be lost.

    My recommendation is to create a fresh restore point after cleanup and then remove all but that last point with Disk Cleanup.
      My Computer


  9. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #9

    Corrine said:
    Anak said:

    Then disable, System Restore:
    System Restore - Enable or Disable and delete any that remain: System Protection Restore Points - Delete
    FYI, it is not a good recommendation to disable System Restore. If there is a false/positive during clean-up or a critical file removed, the only option at that point may be a complete format and fresh install. Although a clean install may be a wise move with certain types of malware, the option to save critical documents may well be lost.

    My recommendation is to create a fresh restore point after cleanup and then remove all but that last point with Disk Cleanup.
    Hi Corrine!....Duly noted, thank you for the clarification!

    Joules said:
    Anak said:
    Hi Joules!
    Did you have any problems differentiating between the good files and bad? I'm planning on using it myself.

    Do you know if it left any traces of itself?
    You can differentiate if you know the program well and the source that you got it from, one catch was a backdoor trojan that came from a automated VHD loading program that I thought was clean. I should of known better cause it came from a site like rapidshare...dummy me but you will be able to figure out what is going on with it....
    Thank you for the heads up Joules!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:16.
Find Us