Old 06-06-2009, 06:27 PM   #1
Baseband Member
 
Join Date: Feb 2009
Posts: 24
Exclamation msb.exe

I had a few weird processes going that were really bogging down my computer, so I got AVG Anti-Virus 8 and ran a scan; it caught a few and I fixed them up. But I still have a single process using almost a third of my memory constantly. The executable is msb.exe, located in C:\Windows.
It's obviously doing something; how do I remove it?
lazaroff is offline   Reply With Quote
Old 06-06-2009, 08:36 PM   #2
Omnipotent One
 
Join Date: Apr 2006
Location: USA
Posts: 11,161
Default Re: msb.exe

Try giving Malwarebytes' Anti-Malware a go at it.
Atomic Rooster is offline   Reply With Quote
Old 06-06-2009, 09:57 PM   #3
Baseband Member
 
Join Date: Feb 2009
Posts: 24
Default Re: msb.exe

Impressive Malwarebytes, very impressive.


--------------------------------------------
Malwarebytes' Anti-Malware 1.37
Database version: 2239
Windows 6.0.6002 Service Pack 2

6/6/2009 9:56:17 PM
mbam-log-2009-06-06 (21-56-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 295890
Time elapsed: 1 hour(s), 15 minute(s), 10 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 23

Memory Processes Infected:
C:\Windows\msb.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\tempie (Spyware.Passwords) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\msb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\msa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\tempie\aim.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\aim1.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\aim6.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\aimer.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\decaptcher.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\iepw.txt (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\me.ini (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\mes.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\mes_t.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\msado25.tlb (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\MSVBVM60.DLL (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\MSWINSCK.OCX (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\newpw.txt (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\RICHTX32.OCX (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\urlmon.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\wbemdisp.tlb (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\winhttp.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\tempie\wininet.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
lazaroff is offline   Reply With Quote
Old 06-08-2009, 10:20 AM   #4
Beta Member
 
Join Date: Jun 2009
Posts: 1
Default Re: msb.exe

I tried that too and it got rid of the msb.exe.
will46 is offline   Reply With Quote
Old 06-08-2009, 06:41 PM   #5
Omnipotent One
 
Join Date: Apr 2006
Location: USA
Posts: 11,161
Default Re: msb.exe

Awesome. Good to hear it worked for the both of you.
Atomic Rooster is offline   Reply With Quote
Old 07-21-2009, 04:35 PM   #6
Beta Member
 
Join Date: Jul 2009
Posts: 1
Default Re: msb.exe

I have also found msb.exe on my but since I already knew about Malwarebytes (totally agree with Atomic Rooster) I am currently running a scan and it so far found 14 objects that were infected and it has found them, and my antivirus didn't find anything wrong earlier.
muppeteer is offline   Reply With Quote
Old 01-03-2010, 05:05 PM   #7
Beta Member
 
Join Date: Jan 2010
Posts: 1
Thumbs up Re: msb.exe

Thanks for your help, it worked excellently - picked up things that my McAfee didn't.
nate866 is offline   Reply With Quote
Old 03-04-2010, 01:59 PM   #8
Beta Member
 
Join Date: Mar 2010
Posts: 1
Default Re: msb.exe

My computer had this. I found it when my computer was running dead slow. I opened up Task Manager and found my CPU running at 100%, so I went into Processes and saw MSB.exe running about 40 times, so I downloaded AVG and the moment I had finished installing, it found the virus and removed it... (But my AVG was 9)
lol52 is offline   Reply With Quote
All times are GMT -5. The time now is 04:46 PM.