Solved Worm:Win32/Ainslot.A

CommandoBob · Sep 26, 2011

Category: Worm

Description: This program is dangerous and self-propagates over a network connection.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
process

id:2196

Get more information about this item online.

I somehow got this worm on my PC and whenever I try to remove it Microsoft Security Essentials it gives me an BSOD 0x0000004. Help!

Layback Bear · Sep 26, 2011

https://connect.microsoft.com/systemsweeper
Give this a shot. It's free from Microsoft.
Please let us know what is found

CommandoBob · Sep 26, 2011

Will try once home, ty

StalkeR · Sep 26, 2011

We have tutorial also.

http://www.sevenforums.com/tutorials/166445-microsoft-standalone-system-sweeper.html

CommandoBob · Sep 26, 2011

Full scan and didn't found anything.

--------------------------------------------------------------------------------
Standalone System Sweeper Log, (c) 2006
Started On Mon Sep 26 2011 15:35:20
************************************************************
Product Version: 2.0.213.0
Engine Version: 1.1.2803.0
AS Signature Version: 1.0.0.0
AV Signature Version: 1.0.0.0
************************************************************
Signature updated on Mon Sep 26 2011 15:35:41
Product Version: 2.0.213.0
Engine Version: 1.1.7702.0
AS Signature Version: 1.113.275.0
AV Signature Version: 1.113.275.0
************************************************************
Standalone System Sweeper Log, (c) 2006
Stopped On Mon Sep 26 2011 16:33:21 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Standalone System Sweeper Log, (c) 2006
Started On Mon Sep 26 2011 16:43:45
************************************************************
Product Version: 2.0.213.0
Engine Version: 1.1.2803.0
AS Signature Version: 1.0.0.0
AV Signature Version: 1.0.0.0
************************************************************
Signature updated on Mon Sep 26 2011 16:43:58
Product Version: 2.0.213.0
Engine Version: 1.1.7702.0
AS Signature Version: 1.113.275.0
AV Signature Version: 1.113.275.0
************************************************************
--------------------------------------------------------------------------------
Standalone System Sweeper Log, (c) 2006
Started On Mon Sep 26 2011 17:12:34
************************************************************
Product Version: 2.0.213.0
Engine Version: 1.1.2803.0
AS Signature Version: 1.0.0.0
AV Signature Version: 1.0.0.0
************************************************************
Signature updated on Mon Sep 26 2011 17:12:47
Product Version: 2.0.213.0
Engine Version: 1.1.7702.0
AS Signature Version: 1.113.275.0
AV Signature Version: 1.113.275.0
************************************************************

ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2011/09/26 15:35:01:502 TID:800 PID:768

INFO 2011/09/26 15:35:01:502 TID:800 PID:768
Binary architecture is amd64

INFO 2011/09/26 15:35:01:534 TID:800 PID:768
IsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO 2011/09/26 15:35:01:534 TID:800 PID:768
CheckProcessorArchitecture returned 0x00000000

INFO 2011/09/26 15:35:01:534 TID:800 PID:768
SetRecoveryEnvironmentKey returned 0x00000000

INFO 2011/09/26 15:35:01:534 TID:800 PID:768
GetSystemSweeperPath returned 0x00000000

INFO 2011/09/26 15:35:01:534 TID:800 PID:768
System Sweeper Directory = 'x:\Program Files\Standalone System Sweeper'

WARNING 2011/09/26 15:35:01:534 TID:800 PID:768
Missing definitions file in 'C:\mpam-fex64.exe'

INFO 2011/09/26 15:35:01:534 TID:800 PID:768
Found definitions file in 'D:\mpam-fex64.exe'

INFO 2011/09/26 15:35:01:534 TID:800 PID:768
Signatures File Target = 'x:\Program Files\Standalone System Sweeper\mpam-fe.exe'

INFO 2011/09/26 15:35:14:575 TID:800 PID:768
CopySignatureFile returned 0x00000000

INFO 2011/09/26 16:33:24:395 TID:800 PID:768
RunCallisto returned 0x00000000

FINISH 2011/09/26 16:33:24:395 TID:772 PID:768

START 2011/09/26 16:43:27:014 TID:816 PID:808

INFO 2011/09/26 16:43:27:014 TID:816 PID:808
Binary architecture is amd64

INFO 2011/09/26 16:43:27:061 TID:816 PID:808
IsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO 2011/09/26 16:43:27:061 TID:816 PID:808
CheckProcessorArchitecture returned 0x00000000

INFO 2011/09/26 16:43:27:061 TID:816 PID:808
SetRecoveryEnvironmentKey returned 0x00000000

INFO 2011/09/26 16:43:27:061 TID:816 PID:808
GetSystemSweeperPath returned 0x00000000

INFO 2011/09/26 16:43:27:061 TID:816 PID:808
System Sweeper Directory = 'x:\Program Files\Standalone System Sweeper'

WARNING 2011/09/26 16:43:27:061 TID:816 PID:808
Missing definitions file in 'C:\mpam-fex64.exe'

INFO 2011/09/26 16:43:27:061 TID:816 PID:808
Found definitions file in 'D:\mpam-fex64.exe'

INFO 2011/09/26 16:43:27:061 TID:816 PID:808
Signatures File Target = 'x:\Program Files\Standalone System Sweeper\mpam-fe.exe'

INFO 2011/09/26 16:43:40:087 TID:816 PID:808
CopySignatureFile returned 0x00000000
START 2011/09/26 17:12:15:624 TID:824 PID:768

INFO 2011/09/26 17:12:15:624 TID:824 PID:768
Binary architecture is amd64

INFO 2011/09/26 17:12:15:656 TID:824 PID:768
IsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO 2011/09/26 17:12:15:656 TID:824 PID:768
CheckProcessorArchitecture returned 0x00000000

INFO 2011/09/26 17:12:15:656 TID:824 PID:768
SetRecoveryEnvironmentKey returned 0x00000000

INFO 2011/09/26 17:12:15:656 TID:824 PID:768
GetSystemSweeperPath returned 0x00000000

INFO 2011/09/26 17:12:15:656 TID:824 PID:768
System Sweeper Directory = 'x:\Program Files\Standalone System Sweeper'

WARNING 2011/09/26 17:12:15:656 TID:824 PID:768
Missing definitions file in 'C:\mpam-fex64.exe'

INFO 2011/09/26 17:12:15:656 TID:824 PID:768
Found definitions file in 'D:\mpam-fex64.exe'

INFO 2011/09/26 17:12:15:656 TID:824 PID:768
Signatures File Target = 'x:\Program Files\Standalone System Sweeper\mpam-fe.exe'

INFO 2011/09/26 17:12:28:697 TID:824 PID:768
CopySignatureFile returned 0x00000000

CommandoBob · Sep 26, 2011

Ran in safe mode and removed with Malwarebytes. Close please!

Solved Worm:Win32/Ainslot.A

CommandoBob

New member

My Computer

At a glance

Layback Bear

3 Brain Cells

My Computer

At a glance

CommandoBob

New member

My Computer

At a glance

StalkeR

New member

My Computer

At a glance

CommandoBob

New member

My Computer

At a glance

CommandoBob

New member

My Computer

At a glance

Solved Worm:Win32/Ainslot.A

CommandoBob

New member

My Computer My Computer

At a glance

Layback Bear

3 Brain Cells

My Computer My Computer

At a glance

CommandoBob

New member

My Computer My Computer

At a glance

StalkeR

New member

My Computer My Computer

At a glance

CommandoBob

New member

My Computer My Computer

At a glance

CommandoBob

New member

My Computer My Computer

At a glance

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer