Avast WEBforum
Other => Viruses and worms => Topic started by: demontosome26 on March 07, 2013, 04:49:37 PM
-
I ran a scan recently and found that I was infected with what's known as an Injector virus. I can't recall what the full name of the file was, but in the scan logs it has it listed under "C:\WINDOWS\system32\MCSysUtil.dll". It will not let me delete it, repair it, or even send it to the chest. What steps should I take from here?
-
upload the file to www.virustotal.com
and post the link to the results here.
it could be a possible false alarm..
-
What is mcsysutil.dll doing on my computer?
http://www.processlibrary.com/directory/files/mcsysutil/404347/
-
I tried using virustotal but I couldn't find the file. I even went about searching for it through the windows search setting and still nothing. The post Pondus posted asked me to run Speedupmypc, but I have CCleaner and I always run the registry cleaner, so what else is recommended?
-
"The post Pondus posted asked me to run Speedupmypc"
i gave you info about the file
mcsysutil.dll is a Manna System Utility belonging to Metamail from Metamail Corp
something you know?
-
Of course and I read all of the information that link listed, but it recommended I do a scan with SpeedUpMyPC, which I doubt will resolve my issue. At least I would assume that since I already use CCleaner on a daily basis to search for Registry Errors and as a clean up utility. I tend to do all the necessary steps to keep my laptop up to speed including checking for bad sectors through properties on drive C: (once a month). Maybe I deleted a registry that was needed?
I'll await any instructions that are needed for me to move further with my issue. Thank you all for your time.
-
"SpeedUpMyPC, which I doubt will resolve my issue."
it is just an ad as many of these websites have
-
That may be a false positive, could you upload to Avast as an FP
-
Hello essexboy, I remember you helping me out in the past and resolving my problem, so it's nice to see that you're still around. How exactly would I go about uploading it to avast as a False Positive? Would that be the same as submitting the file to the virus lab?
-
Yep just the same, are you running V7 or V8 of Avast
V8 .. Go to support and select report file
-
I'm using the most recent version of Avast and I went ahead and submitted it through the virus chest instead. I have no clue how it's in the chest if it said it couldn't be moved there, but it's there now.
-
Rescan it from the chest tomorrow and see if it still reports it. Has the removal affected any of your programmes at all?
-
Not that I have noticed, but once again my laptop is starting to run a lot slower than usual. I had recently uninstalled advanced system care and replaced it with CCleaner with the advice of a member on here, which seemed to have corrected my speed issue for a while.
-
I can have a quick looksee if you wish
-
Sure, just let me know what you need me to provide you.
-
OK, let's start with OTL initially
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
(https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif)
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
posted
-
The logs look nice and clean .. Are you experiencing any problems?
-
I've just noticed the laptop being real slow no matter what I'm doing on it. Other than that I haven't seen any other problems.
-
Clear Cache/Temp Files
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
-
I scanned the file again today like you asked of me and the result still read "MCSysUtil.dll Win32:Injector - AZQ [Trj]". I also ran the program TFC, so I'll let you know if I start noticing a difference in my system. Thanks for your assistance as usual, essexboy.
-
OK, let's see where that file is
(https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif)
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
/md5start
MCSysUtil.*
/md5stop
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
posted
-
Intriguing, what location does Avast say it is in?
-
"C:\WINDOWS\system32" for Original Location.
-
Is it in the chest now?
-
Yes sir. At first it told me it couldn't be moved to the chest, deleted, or fixed, but later when I opened Avast I found it in there.
-
Leave it there for now and check it again in about a week's time
Although metamail appears to be a Linux programme
-
I'll let you know, essexboy.
-
I ran a scan on the file today and it came back with "MCSysUtil -no virus-". I'm assuming that means it's safe, so should I restore the file?
-
If you need it then restore it. But if you have experienced no problems then you can leave it there
-
Alright, I'll leave it there for now and if I see any issues I'll post an update on here.
-
Update: No virus has been detected lately, but my laptop is still running extremely slow. I clean all of my computer history using Ccleaner once a day, defragment once a month, and scan for viruses at least once a week, but the problem still continues. What should I do from here?
-
You only have 500Mb of RAM on an XP machine, which is borderline
However, there are a lot of start up programmes.
Try reducing these to the ones you actually need:
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LXBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.DLL ()
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
-
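Added example (not part of any post in this thread, and not OTL's own code): a small parser for the O4 startup lines in the log excerpt above that flags entries worth a closer look when trimming startup items. The sample lines are copied from that excerpt; treating empty parentheses as "no publisher recorded" is an assumption about the log format, and the function names are hypothetical.

```python
import re

# Sample lines copied from the OTL startup list quoted in the thread.
SAMPLE = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LXBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.DLL ()
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
"""

RUN_KEY = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?\.lnk) = (?P<rest>.+)$")
# Trailing "(Vendor)" group; the lazy path lets names like "Program Files (x86)" pass.
TARGET = re.compile(r"^(?P<path>.+?) \((?P<vendor>[^()]*)\)$")
MISSING = "File not found"

def parse_o4(log_text):
    """Return one dict per O4 line: source, name, path, vendor, flags."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line) or STARTUP.match(line)
        if not m:
            continue
        source = m.groupdict().get("hive") or "StartupFolder"
        rest, flags = m.group("rest"), []
        if rest.endswith(MISSING):
            path, vendor = rest[: -len(MISSING)].strip(), None
            flags.append("orphaned: target missing on disk")
        else:
            t = TARGET.match(rest)
            path, vendor = (t.group("path"), t.group("vendor").strip()) if t else (rest, None)
            if not vendor:  # assumption: "()" means no publisher was recorded
                flags.append("no publisher recorded")
        entries.append({"source": source, "name": m.group("name"),
                        "path": path, "vendor": vendor, "flags": flags})
    return entries

def needs_review(entries):
    """Entries with at least one flag, as (name, flags) pairs."""
    return [(e["name"], e["flags"]) for e in entries if e["flags"]]

if __name__ == "__main__":
    for name, flags in needs_review(parse_o4(SAMPLE)):
        print(f"{name}: {', '.join(flags)}")
```

A flag here is a prompt to check the file (location, hash, signature), not a verdict; an orphaned Run value is usually just leftover from an uninstalled program.
-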
I'm familiar with computer software, but only to a certain degree. Which ones would you recommend I disable from start up? I can always reverse the process, so that's not an issue. Ccleaner also has easy access when it comes to disabling and enabling start up programs.
-
I would recommend that as you are using CC that you temporarily disable all bar Avast
Then reboot and see which other ones you need to re-enable to get the elements you require running
Probably touchpad and intel wireless
-
I disabled just about everything minus 6 programs, which include Avast. So far things have been working a lot better for the last few days.
-
Run OTL and press the cleanup button to remove it and its associated files ;D