
msne.exe Virus or worm ?

Discussion in 'Security and Privacy' started by jimbo0706, 2004/06/08.

Thread Status:
Not open for further replies.
  1. 2004/06/08
    jimbo0706

    I have noticed a msne.exe on my process list and was wondering if it is a virus or something. It only shows up every once in a while and it will have my CPUs at 100% until I close it out. I have run virus scans and everything and it comes up clean. I can also say when I try to unzip something it keeps downloading or tries to load MSN Messenger 6.2. Can anyone help me?
     
  2. 2004/06/08
    noahdfear


  4. 2004/06/09
    Newt

    I can't translate but you do seem to have your own personalized copy. This is the link and the taskbar button says 'Album for noahdfear'.
    Code:
    http://img52.photobucket.com/albums/v159/noahdfear/msne/?action=view&current=msne.jpg&PHPSESSID=a0a0b638dc0abe5dc876b40b21e82c0f
     
    Newt,
    #3
  5. 2004/06/09
    jimbo0706

    Msne.exe

    Well, now I am having all kinds of trouble. I can't use Regedit or msconfig. It will come on the screen and then pop off. It won't let me load new virus definitions on my virus scanners and my CPUs are spiking to 100%. Help me please :eek:
     
  6. 2004/06/09
    Newt

    Next step is to download a copy of hijackthis, store it to a folder other than Temp or Desktop (so you can recover from any removals that don't go quite right) and post a log here.

    Link to the download in Dave's signature. Don't fix anything but do post the log file for someone to look over and give you detailed cleanup instructions.
     
    Newt,
    #5
  7. 2004/06/09
    jimbo0706

    msne.exe

    Ok here it is..
    Logfile of HijackThis v1.97.7
    Scan saved at 2:02:31 AM, on 6/9/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\hl.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\smsc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.my.yahoo.com "); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s7dm7ft9.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\s7dm7ft9.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
    O4 - HKLM\..\Run: [Counter Strike] hl.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [msn ex loader] msne.exe
    O4 - HKLM\..\RunServices: [Counter Strike] hl.exe
    O4 - HKLM\..\RunServices: [Spool System Applications] spools.exe
    O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Counter Strike] hl.exe
    O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
    O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38143.8487037037
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC0F372-E515-4A69-8F67-8004CD080393}: NameServer = 68.92.19.11 68.92.19.12
     
  8. 2004/06/09
    Lonny Jones

  9. 2004/06/09
    jimbo0706

    msne.exe

    It's not letting me load either one. It's saying my security settings with ActiveX won't let me.
     
  10. 2004/06/09
    Lonny Jones

    You need to go there with IE, not other browsers, you know?
    I assume AOL still has its own browser, so minimize it, then open IE.

    While not at the online scans > in Internet Options > Security, highlight the general zone (green globe) and hit the Default Level button.

    Besides both those online scans (let us know if there are still problems getting them to work),
    download and run Stinger, and paste its report back here if it finds anything please. Network Associates Inc. Stinger: http://vil.nai.com/vil/stinger/
     
  11. 2004/06/09
    jimbo0706

    msne.exe

    I am running IE on here; I only use AOL when my reg ISP does not work. I did the default level like you said and I still get the same thing. Am trying the Stinger now.
     
  12. 2004/06/09
    jimbo0706

    OK, I have noticed I already have that Stinger on here and it is up to date. Now how do I post the results to here? I thought I knew about PC stuff. Guess I was wrong. :confused:
     
  13. 2004/06/09
    Lonny Jones

    Is yours version 2.2.7 (5/18/2004)?

    After you run it, on its toolbar go File > Save Report (no need to unless it finds something).
     
  14. 2004/06/09
    jimbo0706

    That is the version I have.
     
  15. 2004/06/09
    jimbo0706

    Ok the stinger came back clean..
     
  16. 2004/06/09
    noahdfear

    Go to start>run and type services.msc, hit enter. Try to locate the service the below entry references.

    O4 - HKLM\..\RunServices: [msn ex loader] msne.exe

    Right click on it and stop. Then right click and properties, set to disabled. Check task manager to verify it isn't running.

    Does that help?

    You could also do this one.

    O4 - HKLM\..\RunServices: [Counter Strike] hl.exe

    I assume it's the game, but could be something else.
     
  17. 2004/06/09
    Lonny Jones

    These are odd too: smsc.exe and spools.exe. Do a file search for them and for
    msne.exe, right-click on them > Properties, then Version, and write down that information for us please?

    Also we need to know where they are located

    and post a new log please
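
A triage sketch for the O4 entries the helpers single out above, as an added example that is not part of the original thread: it parses autostart lines from the posted log and lists programs registered by bare file name that sit under RunServices or recur across several keys. The heuristic and the function names `parse_o4` and `triage` are assumptions of this example.

```python
import re
from collections import defaultdict

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Counter Strike] hl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [msn ex loader] msne.exe
O4 - HKLM\..\RunServices: [Counter Strike] hl.exe
O4 - HKLM\..\RunServices: [Spool System Applications] spools.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Counter Strike] hl.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe
"""

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)

def parse_o4(log_text):
    """Yield (registry key, value name, program) for each registry O4 line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            key, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)  # handles quoted and unquoted paths with spaces
            yield key, name, (exe.group(1) if exe else cmd.split()[0])

def triage(log_text):
    """Map flagged program -> autostart keys. Heuristic assumed for this example:
    a bare file name (folder unknown from the log) that sits under RunServices
    or is repeated across several autostart keys. Not a verdict."""
    keys_by_prog = defaultdict(list)
    for key, _name, prog in parse_o4(log_text):
        if "\\" not in prog:
            keys_by_prog[prog.lower()].append(key)
    return {p: k for p, k in keys_by_prog.items()
            if len(k) > 1 or any(x.endswith("RunServices") for x in k)}

if __name__ == "__main__":
    for prog, keys in sorted(triage(SAMPLE_LOG).items()):
        print(f"{prog:12} {len(keys)} key(s): {', '.join(keys)}")
```

On the posted log this lists hl.exe, msne.exe, smsc.exe and spools.exe, the same four entries the helpers ask about. The log alone cannot say whether any of them is malicious, which is why the file location and version details are requested.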
     
  18. 2004/06/09
    Lonny Jones

    If you can, zip up a copy of those files and send it here
    >This address<
    Attach the zip and in the email itself include a URL back to this thread.
     
  19. 2004/06/09
    jimbo0706

    I did what you said and neither one of those were listed in services, but I was able to get into msconfig before it went out and unchecked them. I still can't use msconfig or regedit and still can't load any virus software. :(
     
  20. 2004/06/09
    Lonny Jones

    Hi

    Please undo anything you have unchecked in msconfig since the problem started, then restart the PC, find and submit (leave them be) those files, come back and post a new HijackThis log. :)
     
  21. 2004/06/09
    noahdfear

    Also, in services, if you click an entry you are given a description, at least for most. Please note the names of the services that have no description and post back with that info also.
     