Author Topic: Win32 Injector Infection  (Read 3192 times)

Offline demontosome26

  • Jr. Member
  • **
  • Posts: 41
    • Personal Message (Offline)
Win32 Injector Infection
« on: March 07, 2013, 02:49:37 PM »
I ran a scan recently and found that I was infected with what's known as an Injector virus.  I can't recall what the full name of the file was, but in the scan logs it has it listed under "C:\WINDOWS\system32\MCSysUtil.dll".  It will not let me delete it, repair it, or even send it to the chest.  What steps should I take from here? 

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
    • Personal Message (Offline)
Re: Win32 Injector Infection
« Reply #1 on: March 07, 2013, 03:03:02 PM »
Upload the file to www.virustotal.com

and post the link to the results here.

It could be a possible false alarm.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21702
  • Gender: Male
    • Personal Message (Offline)
Re: Win32 Injector Infection
« Reply #2 on: March 07, 2013, 05:09:12 PM »
What is mcsysutil.dll doing on my computer?
http://www.processlibrary.com/directory/files/mcsysutil/404347/
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline demontosome26

Re: Win32 Injector Infection
« Reply #3 on: March 09, 2013, 03:39:08 AM »
I tried using VirusTotal but I couldn't find the file.  I even went about searching for it through the Windows search setting and still nothing.  The post Pondus posted asked me to run Speedupmypc, but I have CCleaner and I always run the registry cleaner, so what else is recommended?

Offline Pondus

Re: Win32 Injector Infection
« Reply #4 on: March 09, 2013, 07:46:35 AM »
Quote
The post Pondus posted asked me to run Speedupmypc
I gave you info about the file.

Quote
mcsysutil.dll is a Manna System Utility belonging to Metamail from Metamail Corp
Something you know?



Offline demontosome26

Re: Win32 Injector Infection
« Reply #5 on: March 09, 2013, 03:12:59 PM »
Of course and I read all of the information that link listed, but it recommended I do a scan with SpeedUpMyPC, which I doubt will resolve my issue.  At least I would assume that since I already use CCleaner on a daily basis to search for Registry Errors and as a clean up utility.  I tend to do all the necessary steps to keep my laptop up to speed including checking for bad sectors through properties on drive C: (once a month).  Maybe I deleted a registry that was needed?

I'll await any instructions that are needed for me to move further with my issue.  Thank you all for your time.

Offline Pondus

Re: Win32 Injector Infection
« Reply #6 on: March 09, 2013, 03:22:36 PM »
Quote
SpeedUpMyPC, which I doubt will resolve my issue.
It is just an ad, as many of these websites have.


Online essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28997
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Online)
Re: Win32 Injector Infection
« Reply #7 on: March 09, 2013, 03:40:11 PM »
That may be a false positive. Could you upload it to Avast as an FP?

Offline demontosome26

Re: Win32 Injector Infection
« Reply #8 on: March 09, 2013, 04:30:17 PM »
Hello essexboy, I remember you helping me out in the past and resolving my problem, so it's nice to see that you're still around.  How exactly would I go about uploading it to avast as a False Positive?  Would that be the same as submitting the file to the virus lab?

Online essexboy

Re: Win32 Injector Infection
« Reply #9 on: March 09, 2013, 04:39:00 PM »
Yep, just the same. Are you running V7 or V8 of Avast?

V8: go to Support and select Report file.

Offline demontosome26

Re: Win32 Injector Infection
« Reply #10 on: March 09, 2013, 05:28:52 PM »
I'm using the most recent version of Avast and I went ahead and submitted it through the virus chest instead.  I have no clue how it's in the chest if it said it couldn't be moved there, but it's there now.

Online essexboy

Re: Win32 Injector Infection
« Reply #11 on: March 09, 2013, 05:41:37 PM »
Rescan it from the chest tomorrow and see if it still reports it.  Has the removal affected any of your programmes at all?

Offline demontosome26

Re: Win32 Injector Infection
« Reply #12 on: March 09, 2013, 05:44:49 PM »
Not that I have noticed, but once again my laptop is starting to run a lot slower than usual.  I had recently uninstalled Advanced SystemCare and replaced it with CCleaner on the advice of a member on here, which seemed to have corrected my speed issue for a while.

Online essexboy

Re: Win32 Injector Infection
« Reply #13 on: March 09, 2013, 05:47:14 PM »
I can have a quick looksee if you wish.

Offline demontosome26

Re: Win32 Injector Infection
« Reply #14 on: March 09, 2013, 08:10:04 PM »
Sure, just let me know what you need me to provide you.
