Ashquick : virus detected

Hello everybody

I’ve put a shortcut in the startup program to Ashquick with parameters “*MEMORY” “*STARTUP”.

When it starts, I have a message telling me that there’s a virus. Virus name : Win32:SdBot-194-B [Trj]. Process 2028, memory bloc 0x00400000. I’ve run a program to see informations about this process. Result : c:\windows\system32\Msbb.exe.
When I scan this file ( right click on it, then scan ) : no message found.

Can you help me ? Is ashquick really a good idea at startup or no ?

Sorry for my english, but I’m French.

Sincerely.

Msbb.exe is spyware as you can read HERE

I suggest you click on the link in my signature and follow the instructions on that page to clean your system.

In fact, if you keep the providers enabled (on-access) and run regular scans or, better, a boot time scanning I think it’s an extra precausion that will only delay the boot :frowning:

Is ashquick really a good idea at startup or no ?
I think it is not. Why? Windows does not load all applications/services in the same sequence each time you boot. Lets say you have one harmfull thing loading and the rest is legitimate. You boot your system and ashquick, finds it. You boot again and ashquick doesn't find it because the harmfull thingy loads this time after ashquick.

What you should do than? That is up to you ofcourse. I would say have the resident scanner on all the time as well as the other providers within Avast. Depending on your surfing/download behaviour and how you have setup the rest of the security, I would say 1 full system scan or boottime scan once a week. And in addition to this a full online scan every 2-3 weeks. Also use Ad-Aware and Spybot S&d once a week. You can, if you wish, automate this with taskmanager and/or a batch file if needed/wanted.

I hope this info answered your question. If not, let us know.

Hi Eddy & qtaillandier,

Imho in this case, “msbb.exe” is not part of the 180-Solutions-Spyware,
but of a rather more dangerous BackDoor-Network-worm:
http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=Msbb.exe&alt=Msbb.exe
http://www.virusbtn.com/perlbin/vgrep/vgrep.cgi?terms=sdbot-194-b&product=1

→ AGAIN:

  • Apply all WindowsUpdates
  • change all passwords (set SECURE ones !!), also change PINs etc
  • post a hijackthis-Log for diagnosis
  • secure your system, shares, browser & Email-Client

Info:
The path doesn’t fit → 180-Solution usually doesn’t put it’s stuff in the %system%-folder:
http://www.pestpatrol.com/zks/pestinfo/other/180solutions.asp

whocares,
HERE is the full clickable link.