Jump to content

virus after recovery disks ?


ra2
 Share

Recommended Posts

ive been installing the recovery cd numerous times , attempting to figure out if its a false positive or not .. the same two trojan.downloaders always come out in the same locations .. im am not certain what to do now.. ihavent deleted ,quarantined or done anything else.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4370

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/30/2010 11:44:21 AM

mbam-log-2010-07-30 (11-44-21).txt

Scan type: Full scan (C:\|)

Objects scanned: 178051

Time elapsed: 54 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mscmtsrvc (Trojan.Downloader) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\msCMTsrvc.exe (Trojan.Downloader) -> No action taken.

Link to post
Share on other sites

ive been installing the recovery cd numerous times , attempting to figure out if its a false positive or not .. the same two trojan.downloaders always come out in the same locations .. im am not certain what to do now.. ihavent deleted ,quarantined or done anything else.

Is your computer a Compaq? A quick Google search for mscmtsrvc returns these findings, among others.

http://www.bleepingcomputer.com/startups/m....exe-10744.html

This is a valid program but it is not required to run on startup.

This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. The following information is a brief description of what is known about this file. If you require further assistance for this file, feel free to ask about in the forums.

Name: Content Monitoring Tool

Filename: msCMTSrvc.exe

Command: Unknown at this time.

Description: An application that is bundled with certain Compaq computers that downloads and displays "Hot Deals" when new merchandise is available from Compaq.

File Location: C:\WINDOWS\system32\msCMTSrvc.exe

Startup Type: This startup entry is installed as a Windows service.

Service Name: msCMTSrvc

Service Display Name: Content Monitoring Tool

HijackThis Category: O23 Entry

http://www.pcpitstop.com/libraries/process...mtsrvc.exe.html

PC Pitstop Analysis

Win Patrol

msCMTSrvc.exe - Shipped with some Compaq computers. Accesses the Compaq site every 10 minutes to check for "Hot Deals", which is marketing speak for advertising. Does not pose a threat, but also has no redeeming value. However, this file does not have any vendor or product information, so a malicious file could masquerade itself using the same file name. Shown as the "Content Monitoring Tool Service" in the Windows Services list. See this tech note on the HP/Compaq site.

mscmtsrvc.exe uses excessive system and memory resources with no corresponding benefit. Applications such as these should be disabled to improve overall system performance.

http://windowsxp.mvps.org/mscmtsrvc.htm

msCMTSrvc.exe is attempting to access the internet'

Symptom

Your firewall application may prompt that

Link to post
Share on other sites

  • 5 weeks later...
  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.