Re: got this trojan in a file called mscmsr.dll - don't know where it came from...



From: "David De" <daviddelaneyfilmdirector@xxxxxxxxx>

| I am sorry I don't know the name of the trojan, just the file it seems
| to have infected. My anti-vir (AVIRA) software has detected it a few
| times and I delete it, only to find it reoccurring again and again.
|
| I am dealing with this issue of a trojan that my Anti-Vir software
| continues to inform me about when I run any spyware programs like
| Lavasoft or Spybot. I delete the file with the Anti-Vir, but it seems
| to keep popping up. I think this is a new one because the google
| search I did on it says 'March 04, 2008'...lucky me. So what do I do
| about it? Right now I am running Anti-Vir full system check in Safe
| mode - taking forever 2 hours already and only at 10% of an 80gig hard
| drive. The file is located in the Windows/system32 folder.
| Anybody else have this trojan? Any suggestions? I can't do a system
| restore because I have been instead backing up my hard drive about
| once a month (and it has been close to a month since the last backup,
| so I would lose a month of work).

OK, now that you're here, we can discontinue the other thread.

Please check your Avira AntiVir logs. The name of the Trojan will be helpful.

Also you noted that you can delete the file but it keeps coming back. It obviously has a
peer file loaded and keeping the infection going.

However if you can delete the file, c:\Windows\system32\mscmsr.dll, please submit a sample
to Virus Total. You may have to disable AntiVir temporarily to submit the file.

http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@xxxxxxxxxxxxxx?subject=SCAN

When you get the report, please post back the exact results.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

