MSN virus help

Posted on 2007-11-30
Last Modified: 2013-11-22
Last night my computer was infected with the virus via MSN messenger. My computer has been running scans and I have downloaded MSNCleaner by InfoSpyware, but the virus files have not been deleted. I don't understand how to or if I can find the file manually to delete it. I read a similar question, ID 22988522, but I am lost. PLEASE help. Thank you!!!
Question by:em_8802
  • 5
  • 4
LVL 21

Expert Comment

ID: 20386043
I would try an online scanner, see if that gets rid of the virus:

Trendmicro is a good one.
LVL 20

Accepted Solution

IndiGenus earned 500 total points
ID: 20386288
I happened to be in on the post you mentioned. Combofix got it I believe. Or at least part of it.

Download and Run ComboFix (by sUBs)

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log. Upload to the following link and post the link to it back here.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

Author Comment

ID: 20386490

Author Comment

ID: 20386501
sorry, that was the combofix log.
i don't know where to go from here...
LVL 20

Expert Comment

ID: 20386530
Nothing to be sorry did good. We will need to delete some files. First I would like you to run another tool and upload that log while I go through the combo log.

Please download SDFix and save it to your Desktop. 

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.
A text file should automatically open, so please upload the contents to
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.


Author Comment

ID: 20386667
LVL 20

Expert Comment

ID: 20386726
Well looks like SDFix got most of it anyway. One file I'm not sure on though...


I would recommend you go to, click on Browse, and upload the file for analysis:
NOTE: You may need to enable hidden files and folders to see it.

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for us to see.

If Jotti is too busy you can try these.

Author Comment

ID: 20386749
Last file scanned at least one scanner reported something about: msnchk.exe (MD5: 8130c891d2ecb11be934f2681ac73845, size: 3377 bytes), detected by:
Scanner  Malware name  
A-Squared  X  
AntiVir  X  
ArcaVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
CPsecure  X  
Dr.Web  X  
F-Prot Antivirus  X  
F-Secure Anti-Virus  X  
Fortinet  X  
Ikarus  Suspect code-parts  
Kaspersky Anti-Virus  X  
NOD32  X  
Norman Virus Control  X  
Panda Antivirus  Trj/Agent.HEH  
Rising Antivirus  X  
Sophos Antivirus  X  
VirusBuster  X  
VBA32  X  
LVL 20

Expert Comment

ID: 20386786
Honestly not sure about that file yet? Wondering if it's part of MSN Cleaner that you ran.

Question, how is it running now? What are you running for an Antivirus, Norton?

Panda ActiveScan also claims to find and heal this. If you still have issues I would recommend trying it.

Author Comment

ID: 20389479
My computer has Symantec Antivirus running.
But my msn seems to be all back to normal now. Thank you so much for your help and patience!

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Run .exe file from network share 2 68
Capturing login data on mobile client 1 88
Skype/Lync Emoticons Question 3 95
Spam mails from a compromised internal computer 5 64
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now