Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: MSE Worm:Win32/Ainslot32.A


05 Feb 2011   #1

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
MSE Worm:Win32/Ainslot32.A

Mse Keeps giving me an alert on this worm. I have deleted and quarantined it but shows up on each reboot. Ithink it is some how connected to this C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe as after deleting or quarantine MSE wants to send this for asessment to detemine if it is malacious. Anyone knows how to best rid the worm and as to wheter file is malicious. Any and all help will be greatly appreciated. runing Win 7 Pro 64


My System SpecsSystem Spec
.

05 Feb 2011   #2

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Hi! FrostyAMD, welcome to 7F

You sure caught a new one it took me a while to track this one down. Kaspersky, and Trend-Micro do have Aliases.

See:
Encyclopedia entry: Worm:Win32/Ainslot.A - Learn more about malware - Microsoft Malware Protection Center
Please read the whole page.

One of the first things you want to do is stop Autoruns:and then do not use any portable devices until you are sure they are dis-infected!

Then disable, System Restore:
System Restore - Enable or Disable and delete any that remain: System Protection Restore Points - Delete

Do you have any anti-virus Programs other than MSE?

There is one at the bottom of the first link I provided:
https://onecare.live.com/site/en-us/default.htm

Then:Malwarebytes Do not worry, it will redirect you to Major Geeks.

Make sure any scanners you run are up to date!
You would do well to run them in safe mode, and or safe mode with networking, although you might not be able to run Onecare that way.

Do you have the newest version of MSE: 2.0.657.0? If not force an upgrade.

Is your OS up to date? If your not sure go to Windows update in Control Panel, and force one.
My System SpecsSystem Spec
05 Feb 2011   #3

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Got MSE 2.0.657.0 did the peliminary stuff off to run MSE and MBAM in safe mode Thank you I'll report back
My System SpecsSystem Spec
.


05 Feb 2011   #4

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

You may want to give this a try:

Norton Power Eraser. It now also does a rootkit scan

http://security.symantec.com/nbrt/npe.asp?lcid=1033

Quote:
Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect.
Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.
You can also try using a rescue boot disk, which will load before the sys does and attempt to clean/repair. There are several choices...

Kaspersky
http://www.softpedia.com/get/Antivir...cue-Disk.shtml

AVG
http://www.avg.com/us-en/avg-rescue-cd

Avira
http://www.avira.com/en/support-down...-rescue-system
My System SpecsSystem Spec
07 Feb 2011   #5

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

thanks for the help. Problem solved with running both MSE and Malwarebytes in safe mode ! Thanks again
My System SpecsSystem Spec
07 Feb 2011   #6

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

That is good to hear!

  • Did you check your portable devices?
  • Re-enable and create a system restore point after you deleted all the old points?
  • Check and re-adjust Autoruns for what is allowed to run?
  • Did you have to use Borg's Norton Power Eraser
Try to remember how this may have happened, so it doesn't happen again.

You could help by going up to the red triangle, and asking one of the Admins or Mods to mark this solved with a green check-mark.
My System SpecsSystem Spec
07 Feb 2011   #7

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Hi Joules!
Did you have any problems differentiating between the good files and bad? I'm planning on using it myself.

Do you know if it left any traces of itself?
My System SpecsSystem Spec
07 Feb 2011   #8

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by Anak View Post

Then disable, System Restore:
System Restore - Enable or Disable and delete any that remain: System Protection Restore Points - Delete
FYI, it is not a good recommendation to disable System Restore. If there is a false/positive during clean-up or a critical file removed, the only option at that point may be a complete format and fresh install. Although a clean install may be a wise move with certain types of malware, the option to save critical documents may well be lost.

My recommendation is to create a fresh restore point after cleanup and then remove all but that last point with Disk Cleanup.
My System SpecsSystem Spec
07 Feb 2011   #9

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Quote   Quote: Originally Posted by Corrine View Post
Quote   Quote: Originally Posted by Anak View Post

Then disable, System Restore:
System Restore - Enable or Disable and delete any that remain: System Protection Restore Points - Delete
FYI, it is not a good recommendation to disable System Restore. If there is a false/positive during clean-up or a critical file removed, the only option at that point may be a complete format and fresh install. Although a clean install may be a wise move with certain types of malware, the option to save critical documents may well be lost.

My recommendation is to create a fresh restore point after cleanup and then remove all but that last point with Disk Cleanup.
Hi Corrine!....Duly noted, thank you for the clarification!

Quote   Quote: Originally Posted by Joules View Post
Quote   Quote: Originally Posted by Anak View Post
Hi Joules!
Did you have any problems differentiating between the good files and bad? I'm planning on using it myself.

Do you know if it left any traces of itself?
You can differentiate if you know the program well and the source that you got it from, one catch was a backdoor trojan that came from a automated VHD loading program that I thought was clean. I should of known better cause it came from a site like rapidshare...dummy me but you will be able to figure out what is going on with it....
Thank you for the heads up Joules!
My System SpecsSystem Spec
Reply

 MSE Worm:Win32/Ainslot32.A




Thread Tools



Similar help and support threads for2: MSE Worm:Win32/Ainslot32.A
Thread Forum
Windows xp Win32 worm malware unable to work with keybord System Security
Solved Worm:Win32/Ainslot.A System Security
Solved Win32/Blaster Worm Affected !! System Security
Interesting Snowflake Worm:Win32/SnowFlake.A Security News
Hotmail worm? System Security
Solved Got a win32 blaster worm and can't get rid of it? System Security
Worm vb-740 System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:40 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33