got this trojan mscmsr.dll - don't know where it came from...

  • Thread starter: David D

David D

I am dealing with this issue of a trojan that my Anti-Vir software
continues to inform me about when I run any spyware programs like
Lavasoft or Spybot. I delete the file with the Anti-Vir, but it seems
to keep popping up. I think this is a new one because the google
search I did on it says 'March 04, 2008'...lucky me.
So what do I do about it? Right now I am running Anti-Vir full system
check in Safe mode. The file is located in the Windows/system32
folder.
Anybody else have this trojan? Any suggestions? I can't do a system
restore because I have been instead backing up my hard drive about
once a month (and it has been close to a month since the last backup,
so I would lose a month of work).
 
Try running your antivirus program from Safe Mode. Once cleaned, do not shut
down the computer in the conventional way. Instead, pull the power plug. Yes,
this will cause the computer to do a very hard shut off. However, what it
will do is prevent a clever stay-resident bit of malware from rewriting
itself during the normal shutdown process. You should be able to do a hard
shut off this way without causing damage to your computer.

I have not used the process with this specific trojan but I have used it
successfully in the past with other nasties that like to reinstall with a
new name during shutdown.
 
From: "David D" <[email protected]>

| I am dealing with this issue of a trojan that my Anti-Vir software
| continues to inform me about when I run any spyware programs like
| Lavasoft or Spybot. I delete the file with the Anti-Vir, but it seems
| to keep popping up. I think this is a new one because the google
| search I did on it says 'March 04, 2008'...lucky me.
| So what do I do about it? Right now I am running Anti-Vir full system
| check in Safe mode. The file is located in the Windows/system32
| folder.
| Anybody else have this trojan? Any suggestions? I can't do a system
| restore because I have been instead backing up my hard drive about
| once a month (and it has been close to a month since the last backup,
| so I would lose a month of work).

There are anti-virus newsgroups specifically for this kind of subject matter.
In the Microsoft.* hierarchy the newsgroup is: microsoft.public.security.virus

What anti-virus application?
When you say "my Anti-Vir" do you mean Avira AntiVir?

You say "Anybody else have this trojan?"
What Trojan? All you have supplied is the name of a DLL file.

Please provide the name of the infector your anti virus application declared the file
c:\Windows\system32\mscmsr.dll to be infected with.

BTW: System Restore does NOT back up data files. The System Restore functionality only
backs up EXE, DLL and other OS-related files and constructs such as the Registry. It will
not back up or restore MS Office data files, PDF files, etc.
 
I did a search on google groups and the first I came to was this one,
sorry I will post in the other one. But to answer your questions : I
don't know the name of the trojan virus, with Avira Anti Vir, I just
saw the name of the .dll, maybe I wasn't looking hard enough.
 
From: "David D" <[email protected]>

| I did a search on google groups and the first I came to was this one,
| sorry I will post in the other one. But to answer your questions : I
| don't know the name of the trojan virus, with Avira Anti Vir, I just
| saw the name of the .dll, maybe I wasn't looking hard enough.

You are already here, so there is no need to start another thread in m.p.s.v.
In the future you, and other readers of this thread, will know where to post on
virus/malware related problems.

Please check your Avira AntiVir logs. The name of the Trojan will be helpful.
 
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
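
Added example, not part of the original thread: a small Python filter over a HijackThis log that lists every entry referencing a given file, so the load points are reviewed together with the file itself. The sample log is constructed for illustration (placeholder paths and CLSID) and does not describe how mscmsr.dll was actually loaded on the poster's machine.

```python
import re

# HijackThis section codes that can point at a DLL load point.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

# A log entry has the shape "<code> - <description>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def find_references(log_text, file_name):
    """Return (code, meaning, line) for every log entry that mentions file_name."""
    needle = file_name.lower()  # Windows paths are case-insensitive
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match and needle in match.group("body").lower():
            code = match.group("code")
            hits.append((code, SECTIONS.get(code, "other section"), line))
    return hits


# Constructed sample log: every entry below is made up for this example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\mscmsr.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O20 - Winlogon Notify: example - C:\WINDOWS\system32\mscmsr.dll
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for code, meaning, line in find_references(SAMPLE_LOG, "mscmsr.dll"):
        print(f"{code:<4}{meaning}\n    {line}")
```
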
 
David said:
I am dealing with this issue of a Trojan that my Anti-Vir software
continues to inform me about when I run any spyware programs like
Lavasoft or Spybot. I delete the file with the Anti-Vir, but it seems
to keep popping up. I think this is a new one because the google
search I did on it says 'March 04, 2008'...lucky me.
So what do I do about it? Right now I am running Anti-Vir full system
check in Safe mode. The file is located in the Windows\system32
folder.
Anybody else have this Trojan? Any suggestions? I can't do a system
restore because I have been instead backing up my hard drive about
once a month (and it has been close to a month since the last backup,
so I would lose a month of work).

Try one of these Virus Removal Tools:

Avast! One tool for any current virus
http://www.avast.com/eng/avast-virus-cleaner.html

Symantec Virus Removal Tools
http://www.symantec.com/business/security_response/removaltools.jsp

F-Secure Virus Removal Tools
http://www.f-secure.com/download-purchase/tools.shtml

Kaspersky Virus Removal Tools
http://www.kaspersky.com/removaltools
 
Xandros said:
Try running your antivirus program from SafeMode. Once cleaned do not shut
down the computer in the conventional way. Instead pull the power plug.
Yes this will cause the computer to do a very hard shut off. However what
it will do is prevent a clever stay resident bit of malware from rewriting
itself during the normal shut down process. You should be able to do a
hard shut off this way without causing damage to your computer.

This can be risky if the hard drive cache has not flushed when you pull the
plug (9 times out of 10 you might get away with it). Give it a couple of
minutes before you do this, to allow the cache to flush while the system is
idle.
 
To get rid of the virus, delete the primary partition and new partition, then
install Windows XP. I think your computer is not fully patched. Install
Service Pack 2 and install all Windows update patches.
Please also read this Microsoft article to safeguard your computer against future
attacks.
http://support.microsoft.com/kb/129972/en-us
 