Recurring infections


Good afternoon,

I'm trying to clean up a client's PC but the malware keeps returning.

None of the reported files or directories are actually to be found on the hard drive, not even with system folders and hidden content shown.

(a Windows Search of the entire C-drive including system dirs and hidden files doesn't find msn.exe either)

The latest versions of HitMan Pro, SUPERAntiSpyware and the installed Kaspersky AV do not find any threats whatsoever.

I've installed and updated Malwarebytes, rebooted into safe mode, unplugged LAN, performed a full scan, removed everything, and rebooted.

But the msn.exe reports are back straight after the reboot.

It does not seem to affect the PC, there are no strange processes or services running, and everything is working as it should.

Why is it that Malwarebytes keeps finding msn.exe?

Please help me!

I've added logs for your information.

attach.txt

dds.txt

mbam-log-2012-08-24 (12-23-19).txt

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Is this a business computer? MrC

Yes it is, it's from a customer of ours.

We've run into this msn.exe a dozen times without being able to solve it and reinstalled the entire computer each time.

But it's gotten to the point where we need a solution because it happens to different customers, and it's costing a lot of time!

So I'm hoping you could help me with this!

It's caused by this program > Kaseya

R2 KAINFRCM37783768100881;Kaseya Agent;c:\program files\kaseya\infrcm37783768100881\AgentMon.exe [2012-5-31 856064]

It needs to be updated or removed.

MrC

Kaseya is our monitoring and system administration tool, it's a professional tool, but rather intrusive so I could understand it causing (false?) positives.

I have a few questions though:

- are the Malwarebytes msn.exe results ignorable, or can they cause harm?

- only a few of our customers' PCs have the msn.exe stuff going on, all others with Kaseya have not, does that mean that these systems have simply been infected via vulnerabilities within Kaseya?

- how did you figure out it's Kaseya? I'm a systems administrator and would love to be able to troubleshoot this myself!

- are the Malwarebytes msn.exe results ignorable, or can they cause harm?

Yes, you can ignore them.

- only a few of our customers' PCs have the msn.exe stuff going on, all others with Kaseya have not, does that mean that these systems have simply been infected via vulnerabilities within Kaseya?

No, it's caused by the program itself > usually it needs to be updated.

- how did you figure out it's Kaseya? I'm a systems administrator and would love to be able to troubleshoot this myself

It's a known problem, the program causes ghost entries.

MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
