Hi, Avast recently found msb.exe in my system files, I have removed it to the chest as was suggested. I searched for it on Google and it showed it was a Trojan. Since removal my Net has been sending more than receiving and the transmit rate is much higher than the receive rate. As you can probably tell I'm not that savvy with computers and viruses. I'm running Avast! and Zone Alarm on my PC. OS is XP, all up to date. Hope this is enough information for anyone to help me out. I would just like to know if there is a connection between the net and msb.exe and how to remove it and its tentacles from my system…lol Sorry if I'm confusing you!!
Just checked it out and it is a WIN32:Zlob-CWZ…Any Ideas?
Well that really contradicts any link if transmission increases ‘after’ removal of msb.exe, so I would say that you have other issues. I’m none too impressed with the free Zone Alarm to protect against unauthorised outbound connections. It is restricted in the protection level in the hope you would purchase the ZA Pro version.
Rogueware (fake security applications) is often associated with Zlob detections.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
- 1. MalwareBytes Anti-Malware, On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.
- 2. SUPERantispyware, On-Demand only in free version.

Don’t worry about reported tracking cookies, they are a minor issue and not one of security, allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
OK, I'm downloading it now, I hope I do this right, as I said in my first post I'm not real computer savvy!! lol
I don't know if this will work, sorry about all the trouble, I think I have added the logs for Malwarebytes here:
Malwarebytes’ Anti-Malware 1.39
Database version: 2440
Windows 5.1.2600 Service Pack 3
16/07/2009 11:24:01 PM
mbam-log-2009-07-16 (23-23-54).txt
Scan type: Quick Scan
Objects scanned: 103818
Time elapsed: 4 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) → No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) → No action taken.
HKEY_CLASSES_ROOT\CLSID{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) → No action taken.
HKEY_CLASSES_ROOT\Typelib{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) → No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ColdWare (Malware.Trace) → No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
What do I do now? Do I quarantine or delete?
I am still downloading the other as my download speed has dropped dramatically.
Thank you for your help!
The detections look good so allow MBAM to deal with them.
- Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.
Thank you so much David!! Apologies for any confusion. Much appreciated!! You're a champ!!!
You’re welcome.