msmpeng.exe

Hi

Recently I scanned my computer and the antivirus showed that several files (msmpeng.exe) are infected (and one of them is infected by a trojan), but I can’t do anything to deal with them… Please help!

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

You have Windows Defender installed?

  • it is loading unencrypted virus signatures into memory.

You are running a custom scan - you have elected to scan Memory?

These detections are in memory and are loaded by msmpeng.exe; it doesn’t mean that msmpeng.exe is infected.

- Detections in Memory - You ran a Custom scan in which you elected to scan Memory, and all these detections are in memory or are listings of files that can't be scanned. Since they aren't physical files they can't be moved to the chest, deleted, etc., so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. 

Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

Thanks for your replies

I don’t know much about computers, so actually I don’t understand what the replies mean.

I installed Windows Defender and I chose to scan Memory. You mean the "infected files" cannot be deleted, but in my computer scan results the “files” are marked as:
Win32:BHO-TA[Trj]
JS:Pdfka-AJM[Expl]
NSIS:Downloader-CC[Trj]
BV::AutoRun-E[Wrm]
Win32:Wmall-gen2[Trj]
Win32:Small-HUF[Trj]
Win32:2bot-AVH[Trj]

I wondered if they are really infected and what I should do…

You can’t delete a memory block; these aren’t physical files in the same sense as a file on your hard disk.

What should you do? Either stop scanning the memory or stop using Windows Defender so it doesn’t load unencrypted virus signatures into memory. The Quick and Full System scans are fine for all normal purposes. Either that or you have to know the repercussions of a custom scan and any settings that you add/change.
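The effect the replies describe, shown as an added example that is not part of the original thread: a pattern scanner run over memory matches another scanner's plaintext signature database, while an obfuscated copy of the same database matches nothing. The signature names, byte patterns, `otherav.exe`, `dropper.exe` and the triage rule are all constructed assumptions for illustration.

```python
# Constructed toy data: these names and byte patterns are made up, not real signatures.
SIGNATURES = {
    "Demo:Alpha[Trj]": b"\x4d\x5a\x90ALPHA-PAYLOAD",
    "Demo:Beta[Wrm]": b"BETA\x00\x01AUTORUN",
    "Demo:Gamma[Expl]": b"%PDF-GAMMA-EXPLOIT",
}

def xor_bytes(data, key=0x5A):
    """Simple obfuscation standing in for an encrypted signature store."""
    return bytes(b ^ key for b in data)

def scan(buffer):
    """Return the sorted names of all signatures whose pattern occurs in buffer."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in buffer)

def build_signature_db(obfuscate):
    """What a second scanner's engine keeps in memory: its own pattern database."""
    blob = b"\x00".join(SIGNATURES.values())
    return xor_bytes(blob) if obfuscate else blob

def triage(regions):
    """regions: list of (process, backing_file_or_None, bytes).
    Assumed heuristic: a memory-only region matching many unrelated families
    looks like a signature database, not like one piece of malware."""
    report = {}
    for process, backing, data in regions:
        hits = scan(data)
        if not hits:
            continue
        if backing is None and len(hits) > 1:
            verdict = "memory-only, many families: likely another scanner's signatures"
        elif backing is None:
            verdict = "memory-only: investigate the owning process"
        else:
            verdict = "file-backed: quarantine candidate"
        report[process] = (hits, verdict)
    return report

# Constructed memory regions; only msmpeng.exe is a name taken from the thread.
REGIONS = [
    ("msmpeng.exe", None, b"heap..." + build_signature_db(False) + b"..."),
    ("otherav.exe", None, b"heap..." + build_signature_db(True) + b"..."),
    ("dropper.exe", "C:\\Temp\\dropper.exe", b"MZ.." + SIGNATURES["Demo:Alpha[Trj]"]),
    ("notepad.exe", None, b"plain text buffer"),
]

if __name__ == "__main__":
    for proc, (hits, verdict) in triage(REGIONS).items():
        print(proc, hits, verdict)
```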