C:\windows\system32\msiinet.exe

[lvhkyjr2]

Anyone know anything about this start up program, MSIINET.EXE? Its showing up all of a sudden with all my start up items and in my system processes.

[dvk01]

It's probably this one here

http://sarc.com/avcenter/venc/data/adware.vanish.html

we need a HJTlog to check

follow this link for instructions
http://www.wilderssecurity.com/showthread.php?t=15913

because hijackthis site is down due to a denial of service attack here are a couple of other sites to get it from

http://www.sherrylynn.us/HijackThis.exe
http://mjc1.com/mirror/hjt/

[lvhkyjr2]

I deleted the msiinet.exe from my system32 folders before posting this...


Logfile of HijackThis v1.97.7
Scan saved at 7:02:24 AM, on 2/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Documents and Settings\Owner\Desktop\hijackthis1977\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [msiinet] C:\WINDOWS\system32\msiinet.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.4235069444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Pieter_Arntz]

Hi lvhkyjr2,

Then it would be best if you would disable it's startup as well:
Have HijackThis Fix:
O4 - HKLM\..\Run: [msiinet] C:\WINDOWS\system32\msiinet.exe

(Put a checkmark before that entry and click Fix checked).

Regards,

Pieter

[lvhkyjr2]

alright but what was that, I know I got it after downloading a freeware program called free history cleaner which I uninstalled. Im stacked with all sorts of anti spyware ,virus ect.....protection

[Pieter_Arntz]

Hi lvhkyjr2,

Check out the first link dvk01 gave you.

Free history cleaner has been known to play tricks like that before:
http://sarc.com/avcenter/venc/data/adware.fapi.html

Regards,

Pieter

[lvhkyjr2]

alright I read that link, the symantec anti virus detects it? but my nod32 anti - virus dosnt, I highly doubt that, it must not be a big deal

[Pieter_Arntz]

Symantec started adding Adware to their definitions fairly recently and I'm not (yet) very impressed with their ability to remove it, but they are adding lots of it, so that might take some time, or it is caused by me using the 2003 build, the 2004 might do a better job.

Anyway, I have dedicated programs for viruses, trojans and spyware and if one chooses to detect something extra, that is fine with me.

NOD32 only recognizes some spyware and when they do, it usually finds the ones that are using methods that would qualify them for a heavier category.

Regards,

Pieter

[dvk01]

Quote:

quoting: Pieter_Arntz link=board=30;threadid=21786;start=0#msg130766 date=1076690284]
Symantec started adding Adware to their definitions fairly recently and I'm not (yet) very impressed with their ability to remove it, but they are adding lots of it, so that might take some time, or it is caused by me using the 2003 build, the 2004 might do a better job.

Anyway, I have dedicated programs for viruses, trojans and spyware and if one chooses to detect something extra, that is fine with me.

NOD32 only recognizes some spyware and when they do, it usually finds the ones that are using methods that would qualify them for a heavier category.

Regards,

Pieter

I totally agree, except norton 2004 isn't any better at removing them
Norton is fairly good at detecting some of the spyware/adware that is circulating, but along with many other antiviruses including AVG, etc , none of them are very successful at removing them

I see a lot of posts on other forums where users have had AVG or norton detect spyware/adware and supposedly remove them and come running for help because only part was removed and the bad part was still active

You really need to use a specific spyware/adware remover like spybot or adaware alongside your antivirus/antitrojan

No one product can deal with all the threats we are exposed to today.

You NEED an overlapping layer of defences