MSN virus help

Posted on 2007-11-30
Last Modified: 2013-11-22
Last night my computer was infected with the virus via MSN messenger. My computer has been running scans and I have downloaded MSNCleaner by InfoSpyware, but the virus files have not been deleted. I don't understand how to or if I can find the file manually to delete it. I read a similar question, ID 22988522, but I am lost. PLEASE help. Thank you!!!
Question by:em_8802
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 21

Expert Comment

ID: 20386043
I would try an online scanner, see if that gets rid of the virus:

Trendmicro is a good one.
LVL 20

Accepted Solution

IndiGenus earned 500 total points
ID: 20386288
I happened to be in on the post you mentioned. Combofix got it I believe. Or at least part of it.

Download and Run ComboFix (by sUBs)

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log. Upload to the following link and post the link to it back here.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

Author Comment

ID: 20386490
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.


Author Comment

ID: 20386501
sorry, that was the combofix log.
i don't know where to go from here...
LVL 20

Expert Comment

ID: 20386530
Nothing to be sorry did good. We will need to delete some files. First I would like you to run another tool and upload that log while I go through the combo log.

Please download SDFix and save it to your Desktop. 

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.
A text file should automatically open, so please upload the contents to

Author Comment

ID: 20386667
LVL 20

Expert Comment

ID: 20386726
Well looks like SDFix got most of it anyway. One file I'm not sure on though...


I would recommend you go to, click on Browse, and upload the file for analysis:
NOTE: You may need to enable hidden files and folders to see it.

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for us to see.

If Jotti is too busy you can try these.

Author Comment

ID: 20386749
Last file scanned at least one scanner reported something about: msnchk.exe (MD5: 8130c891d2ecb11be934f2681ac73845, size: 3377 bytes), detected by:
Scanner  Malware name  
A-Squared  X  
AntiVir  X  
ArcaVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
CPsecure  X  
Dr.Web  X  
F-Prot Antivirus  X  
F-Secure Anti-Virus  X  
Fortinet  X  
Ikarus  Suspect code-parts  
Kaspersky Anti-Virus  X  
NOD32  X  
Norman Virus Control  X  
Panda Antivirus  Trj/Agent.HEH  
Rising Antivirus  X  
Sophos Antivirus  X  
VirusBuster  X  
VBA32  X  
LVL 20

Expert Comment

ID: 20386786
Honestly not sure about that file yet? Wondering if it's part of MSN Cleaner that you ran.

Question, how is it running now? What are you running for an Antivirus, Norton?

Panda ActiveScan also claims to find and heal this. If you still have issues I would recommend trying it.

Author Comment

ID: 20389479
My computer has Symantec Antivirus running.
But my msn seems to be all back to normal now. Thank you so much for your help and patience!

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question