Author Topic: msmpeng.exe  (Read 7352 times)

cassie22

  • Guest
msmpeng.exe
« on: September 13, 2010, 12:53:37 PM »
Hi

Recently I scanned my computer and the antivirus showed that several files (msmpeng.exe) are infected (and one of them is infected by a trojan), but I can't do anything to deal with them... Please help!

Offline Lisandro

  • Avast team
Re: msmpeng.exe
« Reply #1 on: September 13, 2010, 01:22:20 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Online DavidR

  • Avast Überevangelist
Re: msmpeng.exe
« Reply #2 on: September 13, 2010, 03:43:21 PM »
> Hi
>
> Recently I scanned my computer and the antivirus showed that several files (msmpeng.exe) are infected (and one of them is infected by a trojan), but I can't do anything to deal with them... Please help!

You have Windows Defender installed?
- it is loading unencrypted virus signatures into memory.

You are running a custom scan - you have elected to scan Memory?

These detections are in memory and are loaded by msmpeng.exe; it doesn't mean that msmpeng.exe is infected.

~~~~
- Detections in Memory - The Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can't be scanned. Since they aren't physical files, they can't be moved to the chest, deleted, etc., so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory.

Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

cassie22

  • Guest
Re: msmpeng.exe
« Reply #3 on: September 13, 2010, 05:13:46 PM »
Thanks for your replies

I don't know much about computers, so actually I don't understand what the replies mean.


> You have Windows Defender installed?
> - it is loading unencrypted virus signatures into memory.
>
> You are running a custom scan - you have elected to scan Memory?
>
> These detections are in memory and are loaded by msmpeng.exe; it doesn't mean that msmpeng.exe is infected.
>
> ~~~~
> - Detections in Memory - The Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can't be scanned. Since they aren't physical files, they can't be moved to the chest, deleted, etc., so there is no action that can be taken, hence the Apply button being greyed out.
>
> The detections in memory are frequently other security applications loading unencrypted virus signatures into memory.
>
> Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

I installed Windows Defender and I chose to scan Memory. You mean the "infected files" cannot be deleted, but in my computer's scan results the "files" are marked as:
Win32:BHO-TA[Trj]
JS:Pdfka-AJM[Expl]
NSIS:Downloader-CC[Trj]
BV::AutoRun-E[Wrm]
Win32:Wmall-gen2[Trj]
Win32:Small-HUF[Trj]
Win32:2bot-AVH[Trj]

I wondered if they are really infected and what should I do....

Online DavidR

  • Avast Überevangelist
Re: msmpeng.exe
« Reply #4 on: September 13, 2010, 05:37:58 PM »
You can't delete a memory block; these aren't physical files in the same sense as a file on your hard disk.

What should you do? Either stop scanning the memory or stop using Windows Defender so it doesn't load unencrypted virus signatures into memory. The Quick and Full System scans are fine for all normal purposes. Either that or you have to know what the repercussions are of a custom scan and any settings that you add/change.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
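
The effect discussed in this thread, as an added example that is not part of the original posts and is not code from avast or Windows Defender: a naive pattern scanner reports many unrelated "detections" inside the memory of another scanner's engine because that engine holds plaintext signature data, while a single hit in a file on disk still needs a look. The signature names and byte patterns, the sample regions, the `KNOWN_AV_ENGINES` list and the `MIN_FAMILIES` threshold are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed toy signatures (name -> byte pattern); not real detection data.
SIGNATURES = {
    "Toy:Dropper-A[Trj]": b"TOYSIG-DROPPER-A",
    "Toy:AutoRun-B[Wrm]": b"TOYSIG-AUTORUN-B",
    "Toy:PdfExpl-C[Expl]": b"TOYSIG-PDFEXPL-C",
}

# Assumption: engine processes of other security products on this machine.
KNOWN_AV_ENGINES = {"msmpeng.exe"}
MIN_FAMILIES = 3  # assumed threshold: many unrelated families in one region


@dataclass
class Region:
    owner: str   # process name (memory) or path (file)
    kind: str    # "memory" or "file"
    data: bytes


def scan_region(region):
    """Naive pattern scan: every signature whose bytes occur in the region."""
    return sorted(n for n, pat in SIGNATURES.items() if pat in region.data)


def triage(region):
    """Classify a region's hits the way the replies above reason about them."""
    hits = scan_region(region)
    if not hits:
        return "clean", hits
    in_av_memory = (region.kind == "memory"
                    and region.owner.lower() in KNOWN_AV_ENGINES)
    if in_av_memory and len(hits) >= MIN_FAMILIES:
        return "likely signature data of another scanner", hits
    return "investigate", hits


# Constructed sample regions: plaintext definitions held in an engine's heap,
# a file on disk with one match, and an engine region with no match.
DEFINITIONS = b"\x00".join(SIGNATURES.values())
SAMPLES = [
    Region("MsMpEng.exe", "memory", b"heap.." + DEFINITIONS + b"..heap"),
    Region("C:\\sample\\download.tmp", "file", b"MZ" + SIGNATURES["Toy:Dropper-A[Trj]"]),
    Region("MsMpEng.exe", "memory", b"ordinary heap contents"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        verdict, hits = triage(r)
        print(f"{r.owner:<24} {r.kind:<7} {verdict}: {', '.join(hits) or '-'}")
```

A memory hit from a single family inside an engine process still falls through to "investigate"; only a dense cluster of unrelated families is treated as signature data.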