any one has info about: msagnts.exe

I found this entry (msconfig>startup)

HKLM\...\RUN:[Ns Agnt]msagnts.exe

1-Google search: Nil
2-on line Hijackthis log analysis Read: Unknown service should be fixed

Have you guys any info about "msagnts.exe" and is it safe to fix it using Hijackthis.Thank you

 

Hello Hadi, and Welcome.

As you may have read, Wilder's unfortunately no longer processes HJT logs. You'd be far safer to post a HJT log at one of the *participating* sites listed on that page. But if you're one to tinker, I would suggest reviewing the information provided here.

Beyond that (sorry you didn't mention you're OS), you could take a look at "How to manage Windows Startup"
and "How Malware hides and is installed as a service on Windows NT/XP/2000/2003."

If you could forward any other info or symptoms you're system may be suffering,
I'd be happy to look further.


GF

 

OS: XP Pro SP2, IE6
I Use this link to analyze Hijackthis log
http://www.hijackthis.de/index.php?langselect=english
I've removed the entry related to "msagnts.exe" using Hijackthis
still I want to know what this service is
so far so good
fingers crosed
Thnx

 

Hi hadi,

Fixing the startup line in HijackThis will only stop the file from running, but of course doesn't remove the file. Since this seems to be an unknown file and its name very similar to a windows file, that right there makes it suspicious.

Before deleting any unknown file(s) you should first invesitgate it further. You can do a search of your system and once the file is located, right-click on it and choose Properties, then look under the tabs to see if there is anything there that might help identify the file. If nothing looks familiar to you, then upload the file to Jotti's malware scan for a check.

With most infections, there is rarely only one file involved, and other files may be hidden, or further infected files downloaded while the unknown file was running.

You have not mentioned if you have any security apps installed (anti-virus, anti-spyware, etc.) or if you've done a scan with them. If you do not have any security apps installed, then you can follow the General Cleaning Instructions.

The on-line HijackThis Analysis is not recommended. I would suggest you follow up with posting a HijackThis log at one of the sites listed here: http://www.a-sap.org/ where an experienced HijackThis log Analyst can review the log and give you instructions for checking your system further for any hidden malware.

Please let us know what you find as it may help others who could also have this file on their system.

Regards,

snap

 

You could also submit the file itself (msagnts.exe) for example here:
http://virusscan.jotti.org/ and see what comes up.
In case of doubt send a (preferably zipped) copy to the email address in my profile with a link to this thread and I'll have a look.

Regards,

Pieter

LOL. Hi snapdragin

 

LOL! Hi Pieter I wondered if you might want a copy of that.

hadi, as Pieter has requested, please do send him a copy of the file (msagnts.exe) for analysis.

Thank you,

snap

 

@snapdragin
AV: NOD32 2 12 4 (trial)

@Pieter_Arntz
I scanned the file (12Kb) with nod and other 6 AVs. result:normal
I think (only think from the icon shape) its related to net connection service.
but couldnt fine any info about it anywhere

 

I think msagent is something that MS Anti-spyware uses...

Do you have that installed?

 

@TylerGred
GREAT people always here
YES. Thank you very much
I remember now that I've downloaded "microsoft antispyware" when I saw its beta after I clicked install I canceled the install. That explain why the entry is in startup.I wonder why google search turns up with nothing.
Thanks m8

 

Well I just saw that you wrote "msagnts.exe"

I have no idea what "msagnts.exe" is, however "msagent.exe" is what I was talking about.

Hopefully you just had a typo... if not, then I don't think its MS-AS related.

 

NO typing errors
msagnts.exe

that isthe name.
But I'm sure the entry appears after I was trying microsoft anti spyware BETA!! because I check periodically [msconfig>startup}.

 

The Startup entry for the version of MSAS I have is:
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

I do not have any files called msagnts.exe although I do have MSAS beta installed and the MicroSoft Agents

Could you please send me a copy, so I can have a look?

Regards,

Pieter

 

@TylerGred
You made sorting it out
Was happy to deleate the file. went back after your reply then in the recyclebin it reads underneath the name a graytext
---------------------
msagent
NS Internet Connection Module
NS SYSTEMS
---------------------
I had the internet connection months ago and I check weekly (msconfig > startup) why this thing didnt show up earlier.OR it hasnt got any thing to do with my internet connection.
confused!!!!!!!!!!

 

@Pieter_Arntz
I wanted to send you a copy but I can't access your profile I'M A GUEST at the moment. thanks

 

Hi hadi,

A guest can still view a member's profile. Click on the link Pieter gave you in Post #5 above. That will take you to his Profile Page. Once there, look under the "Additional Information" and you'll see the "Optional Contact Info" That is the email address to use to send the file to Pieter.

snap

 

@snapdragin

Whether clicking email or private message link
this page appears
https://www.wilderssecurity.com/sendmessage.php?do=mailmember&u=584

user/pass
that what I ment.

 

Well that is odd, as a guest using IE or Opera, I can view a members profile. Why you can't, I don't know. Ah, I see what you're saying now, and you are right you cannot as a guest send a PM (Private Message) or send an email by clicking the "send an email' link in the member's profile. That is why I mentioned to scroll down on the profile page and look at the "Additional Information" section to read the email address. Anyways...I've typed it out below:

But you can send the file to (pieter AT wilderssecurity.org) Replace the word "AT" with @ and remove the spaces.

 

@snapdragin

info sent to Pieter_Arntz

Thanks

 

Thanks for the file hadi.

I looked at it and didn't notice anything suspicious.
It didn't do much when I ran it, either.
Probably I'm missing some components for it to work. Maybe you can do a find-files for files that were created the same day and that will learn you something more. But I don't think it is something malicious.

Regards,

Pieter

 

It certainly looked suspicious, but felt it somehow wasn't a typo. I couldn't locate it on the web either, so please excuse my lack of experience in not mentioning Jotti's in my first reply. It was a good idea to suggest a date search on the file to gain some more info Pieter, and thanks for noticing I needed a little assistance jumping in Snap.

I had a feeling this might be something new when Google came up negative,
guess time will tell...


GF

 

I have the same file, its new, wasnt on my startup list the last time I checked and its not related to Microsoft AntiSpyware.

Also, when I searched for msagnts.exe, I found two files, one in C:\Windows\Prefect named "MSAGNTS.EXE-013393B3.pf" and the other in C:\Windows\System32 named "msagnts.exe". I'm not sure what that prefetch file is for. Also scanned the file on the site u mentioned earlier, seems clean.