Solved MSE Worm:Win32/Ainslot32.A

FrostyAMD

MSE keeps giving me an alert on this worm. I have deleted and quarantined it, but it shows up on each reboot. I think it is somehow connected to this C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, as after deleting or quarantining, MSE wants to send this for assessment to determine if it is malicious. Does anyone know how best to get rid of the worm and whether the file is malicious? Any and all help will be greatly appreciated. Running Win 7 Pro 64.
 

My Computer My Computer

At a glance

Microsoft Windows 7 Professional 64-bit 7601 ...Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz8.00 GBNVIDIA GeForce GTX 970
Computer type
PC/Desktop
OS
Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Motherboard
ASRock Z97 OC Formula
Memory
8.00 GB
Graphics Card(s)
NVIDIA GeForce GTX 970
Sound Card
(1) High Definition Audio Device (2) Realtek High Definiti
Monitor(s) Displays
Quinx (2)
Screen Resolution
2560 x 1440 x 16 bits (65536 colors) @ 59 Hz
Hard Drives
(1) SAMSUNG SSD PM830 FDE mSATA 256GB ATA Device (2) ST31000340AS ATA Device (3) ST31500341AS ATA Device (4) ST31500341AS ATA Device (5) WDC WD15EARX-00PASB0 ATA Device (6) WDC WD15EARX-00PASB0 ATA Device (7) ST31500341AS SCSI Disk Devic
PSU
EVGA 1000 G2
Cooling
Custom Water
Keyboard
Logitech G15
Mouse
Logitech wireless lefthand mouse
Antivirus
MSE & Malwarebytes
Browser
ie11
Other Info
CPU OC to 4.8MHZ @ 1.285
Hi! FrostyAMD, welcome to 7F :)

You sure caught a new one; it took me a while to track this one down. Kaspersky and Trend Micro do have aliases.

See:
Encyclopedia entry: Worm:Win32/Ainslot.A - Learn more about malware - Microsoft Malware Protection Center
Please read the whole page.

One of the first things you want to do is stop Autoruns, and then do not use any portable devices until you are sure they are disinfected!

Then disable System Restore:
http://www.sevenforums.com/tutorials/81500-system-restore-enable-disable.html and delete any that remain: http://www.sevenforums.com/tutorials/336-system-protection-restore-points-delete.html

Do you have any anti-virus Programs other than MSE?

There is one at the bottom of the first link I provided:
https://onecare.live.com/site/en-us/default.htm

Then: Malwarebytes. Do not worry, it will redirect you to Major Geeks.

Make sure any scanners you run are up to date!
You would do well to run them in safe mode, and/or safe mode with networking, although you might not be able to run Onecare that way.

Do you have the newest version of MSE: 2.0.657.0? If not, force an upgrade.

Is your OS up to date? If you're not sure, go to Windows Update in Control Panel and force one.
 

My Computer My Computer

At a glance

Originally Win 7 Hm Prem x64 Ver 6.1.7600 Bui...Intel i3 530 2.93GHz, 2933MHz 2 Cores 4 Logic...6GB of 1,333MHz DDR3 SDRAM32MB Intel Graphics Media Accelerator HD IGChip
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Gateway DX4831-01e (Mid-Tower Desktop)
OS
Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
CPU
Intel i3 530 2.93GHz, 2933MHz 2 Cores 4 Logical Processors
Motherboard
Gateway H57M01 133 megahertz
Memory
6GB of 1,333MHz DDR3 SDRAM
Graphics Card(s)
32MB Intel Graphics Media Accelerator HD IGChip
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Gateway HX2000 20inch TFT active matrix TN
Screen Resolution
1600 x 900 x 59 hertz
Hard Drives
WDC WD10EADS-00M2B0 [HDD] (1000.20 GB) -- drive 0,
HL-DT-ST DVDRAM GH41N [CD-ROM dr]
Four card readers, and Four USB 2.0
PSU
300watts.
Case
Mid-Tower Desktop
Cooling
Stock from Gateway
Keyboard
Natural Ergonomic Keyboard 4000, see Other Info
Mouse
Orig. Gateway wore out now using Insignia USB wired optical
Internet Speed
Vz FIOS 10ms png 57.64Mbps down 65.53Mbps up Speedtest.org
Antivirus
Zamana Anti-logger with Anti-malware, MSE, Windows Firewall,
Browser
IE11.0.9600.19399-Upd ver11.0.135, Firefox 68.0.1 x64
Other Info
System Specs by Belarc.

BIOS: American Megatrends Inc. P01-A0 11/17/2009

Replaced the MS 'Natural' Standard PS/2 Enhanced 101-102 Keyboard with a new Natural Ergonomic Keyboard 4000 on August 1st 2014.

Canon Pixma MG3222 Printer.

Updated to IE11 on 12102015 | Fios Quantum Router g1100

Additional AV: SpywareBlaster, manual Mbam, SAS
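
The advice in the post above to stop autorun and keep portable devices unplugged until they are clean can be checked with a read-only audit. This is an added example, not part of the original posts; it assumes "Autoruns" here means the Windows AutoRun feature for removable media, and the function names are invented for the example.

```powershell
# Added example: read-only audit of AutoRun policy and removable drives.
# Function names are invented for this example; nothing is modified or deleted.

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun (assumed stored as a DWORD) is a bitmask of drive types
    # for which AutoRun is off; 0xFF turns it off for every drive type.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in $keys) {
        $prop  = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $value = if ($prop) { $prop.NoDriveTypeAutoRun } else { $null }
        $shown = if ($null -ne $value) { '0x{0:X2}' -f $value } else { 'not set' }
        New-Object PSObject -Property @{
            Key               = $key
            Value             = $shown
            AllDrivesDisabled = ($null -ne $value) -and (($value -band 0xFF) -eq 0xFF)
        }
    }
}

function Get-RemovableAutorunInf {
    # Win32_LogicalDisk DriveType 2 = removable disk (USB sticks, card readers).
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $drive = $_.DeviceID
        $inf   = Join-Path ($drive + '\') 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            # -Force is needed because a planted autorun.inf is usually hidden/system.
            $item   = Get-Item -LiteralPath $inf -Force
            # Lines that name a program to launch when the drive is opened.
            $launch = Get-Content -LiteralPath $inf -Force |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' }
            New-Object PSObject -Property @{
                Drive       = $drive
                Attributes  = $item.Attributes
                LaunchLines = @($launch)
            }
        }
    }
}

Get-AutoRunPolicy       | Format-List Key, Value, AllDrivesDisabled
Get-RemovableAutorunInf | Format-List Drive, Attributes, LaunchLines
```

Any drive reported by the second function deserves a scan with an up-to-date scanner before it is opened in Explorer, especially when the file carries Hidden or System attributes.
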
Got MSE 2.0.657.0, did the preliminary stuff, off to run MSE and MBAM in safe mode. Thank you, I'll report back.
 

You may want to give this a try:

Norton Power Eraser. It now also does a rootkit scan

http://security.symantec.com/nbrt/npe.asp?lcid=1033

Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect.
Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.
You can also try using a rescue boot disk, which will load before the sys does and attempt to clean/repair. There are several choices...

Kaspersky
http://www.softpedia.com/get/Antivirus/Kaspersky-Rescue-Disk.shtml

AVG
http://www.avg.com/us-en/avg-rescue-cd

Avira
http://www.avira.com/en/support-download-avira-antivir-rescue-system
 

My Computer My Computer

At a glance

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1,...Intel Core 2 Duo 2.93GHzNot much with my ADHDATI Radeon HD 4350
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Hell oh Well
OS
Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
CPU
Intel Core 2 Duo 2.93GHz
Memory
Not much with my ADHD
Graphics Card(s)
ATI Radeon HD 4350
Monitor(s) Displays
24" HDTV/Monitor
Screen Resolution
Blurry after a Scotch or 2
Hard Drives
1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals
Case
Don't get on my case...man :D
Cooling
I have an Air Conditioner & Diet Pepsi
Keyboard
Saitek Cyborg
Mouse
10 yr old MS optical mouse that still works
Internet Speed
Never fast enough
Antivirus
Various
Browser
Various
Thanks for the help. Problem solved with running both MSE and Malwarebytes in safe mode! Thanks again.
 

That is good to hear!


  • Did you check your portable devices?
  • Re-enable and create a system restore point after you deleted all the old points?
  • Check and re-adjust Autoruns for what is allowed to run?
  • Did you have to use Borg's Norton Power Eraser?
Try to remember how this may have happened, so it doesn't happen again.

You could help by going up to the red triangle, and asking one of the Admins or Mods to mark this solved with a green check-mark.
 

Hi Joules!
Did you have any problems differentiating between the good files and bad? I'm planning on using it myself.

Do you know if it left any traces of itself?
 


FYI, it is not a good recommendation to disable System Restore. If there is a false positive during clean-up or a critical file is removed, the only option at that point may be a complete format and fresh install. Although a clean install may be a wise move with certain types of malware, the option to save critical documents may well be lost.

My recommendation is to create a fresh restore point after cleanup and then remove all but that last point with Disk Cleanup.
 

My Computer My Computer

At a glance

Windows 7 & Windows Vista Ultimate
OS
Windows 7 & Windows Vista Ultimate

FYI, it is not a good recommendation to disable System Restore. If there is a false positive during clean-up or a critical file is removed, the only option at that point may be a complete format and fresh install. Although a clean install may be a wise move with certain types of malware, the option to save critical documents may well be lost.

My recommendation is to create a fresh restore point after cleanup and then remove all but that last point with Disk Cleanup.
Hi Corrine!....Duly noted, thank you for the clarification!

Hi Joules!
Did you have any problems differentiating between the good files and bad? I'm planning on using it myself.

Do you know if it left any traces of itself?

You can differentiate if you know the program well and the source that you got it from. One catch was a backdoor trojan that came from an automated VHD loading program that I thought was clean. I should have known better 'cause it came from a site like rapidshare...dummy me, but you will be able to figure out what is going on with it....
Thank you for the heads up Joules!
 
