C:\windows\system32\msiinet.exe

Discussion in 'malware problems & news' started by lvhkyjr2, Feb 13, 2004.

Thread Status:
Not open for further replies.
  1. lvhkyjr2

    lvhkyjr2 Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    37
    Anyone know anything about this start up program, MSIINET.EXE? It's showing up all of a sudden with all my start up items and in my system processes.
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It's probably this one here

    http://sarc.com/avcenter/venc/data/adware.vanish.html

    we need a HJTlog to check

    follow this link for instructions
    http://www.wilderssecurity.com/showthread.php?t=15913

    because the hijackthis site is down due to a denial of service attack, here are a couple of other sites to get it from

    http://www.sherrylynn.us/HijackThis.exe
    http://mjc1.com/mirror/hjt/
     
  3. lvhkyjr2

    lvhkyjr2 Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    37
    I deleted the msiinet.exe from my system32 folders before posting this...


    Logfile of HijackThis v1.97.7
    Scan saved at 7:02:24 AM, on 2/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis1977\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [msiinet] C:\WINDOWS\system32\msiinet.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.4235069444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi lvhkyjr2,

    Then it would be best if you would disable its startup as well:
    Have HijackThis Fix:
    O4 - HKLM\..\Run: [msiinet] C:\WINDOWS\system32\msiinet.exe

    (Put a checkmark before that entry and click Fix checked).

    Regards,

    Pieter
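
The situation in this post (file deleted, `Run` value still present) can be spotted by cross-checking a HijackThis log's `O4` registry entries against its "Running processes" list. The following is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the sample is a few lines constructed from the log above. A missing process is only a triage hint: in the full log, entries such as `MCUpdateExe` also match.

```python
import ntpath
import re

# Constructed excerpt: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [msiinet] C:\WINDOWS\system32\msiinet.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

# Matches registry autoruns only, e.g. "O4 - HKLM\..\Run: [name] command"
RUN_LINE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")

def image_name(command):
    """Return the lower-cased executable file name of a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first ".exe" so paths with spaces survive.
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command
    return ntpath.basename(path).lower()

def parse_log(text):
    """Split a log into running image names and (key, name, command) entries."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(ntpath.basename(line).lower())
        else:
            m = RUN_LINE.match(line)
            if m:
                entries.append(m.groups())
    return running, entries

def not_running(text):
    """Run value names whose target image is absent from the process list."""
    running, entries = parse_log(text)
    return [name for _key, name, cmd in entries if image_name(cmd) not in running]

if __name__ == "__main__":
    for name in not_running(SAMPLE_LOG):
        print("review Run entry:", name)
```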
     
  5. lvhkyjr2

    lvhkyjr2 Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    37
    alright but what was that, I know I got it after downloading a freeware program called free history cleaner which I uninstalled. I'm stacked with all sorts of anti spyware, virus etc..... protection
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi lvhkyjr2,

    Check out the first link dvk01 gave you.

    Free history cleaner has been known to play tricks like that before:
    http://sarc.com/avcenter/venc/data/adware.fapi.html

    Regards,

    Pieter
     
  7. lvhkyjr2

    lvhkyjr2 Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    37
    alright I read that link, the symantec anti virus detects it? but my nod32 anti-virus doesn't, I highly doubt that, it must not be a big deal
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Symantec started adding Adware to their definitions fairly recently and I'm not (yet) very impressed with their ability to remove it, but they are adding lots of it, so that might take some time, or it is caused by me using the 2003 build, the 2004 might do a better job.

    Anyway, I have dedicated programs for viruses, trojans and spyware and if one chooses to detect something extra, that is fine with me.

    NOD32 only recognizes some spyware and when they do, it usually finds the ones that are using methods that would qualify them for a heavier category.

    Regards,

    Pieter
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I totally agree, except Norton 2004 isn't any better at removing them.
    Norton is fairly good at detecting some of the spyware/adware that is circulating, but along with many other antiviruses including AVG, etc., none of them are very successful at removing them

    I see a lot of posts on other forums where users have had AVG or norton detect spyware/adware and supposedly remove them and come running for help because only part was removed and the bad part was still active

    You really need to use a specific spyware/adware remover like spybot or adaware alongside your antivirus/antitrojan

    No one product can deal with all the threats we are exposed to today.

    You NEED an overlapping layer of defences
     