Author Topic: win32:smssend-IG Trojan help  (Read 4893 times)


Maelyncia

win32:smssend-IG Trojan help
« on: December 21, 2011, 07:30:58 PM »
Hi. Today I ran a boot time scan and ended up finding 2 infected files. Both seem to be "win32:smssend-IG" and they can't be moved to the chest, repaired or deleted. Oddly enough, nothing is found when I Google search it. I ran Malwarebytes and SuperAntiSpyware today as well and found nothing. Also note that the last boot time scan I ran was 3 days ago, and nothing was found then. Any advice or info is appreciated.

Here is the log.

Quote
12/21/2011 11:11
Scan of all local drives

File C:\Documents and Settings\Andrew.DHZ34C71\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Andrew.DHZ34C71\Local Settings\Application Data\Google\Update\Download\youtubeuploader.msi|>Uploader.cab|>ShellEXE is infected by Win32:SMSSend-IG [Trj], Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Repair: Error 42060 {The file was not repaired.}
File C:\Documents and Settings\Andrew.DHZ34C71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xt8bb0pc.default\Cache(20)\120D3EF4d01|>files.dat Error 42126 {RAR archive is corrupted.}
File C:\Documents and Settings\Andrew.DHZ34C71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xt8bb0pc.default\Cache(8)\801AB65Dd01|>Tails\comic\5.jpg Error 42125 {ZIP archive is corrupted.}
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2150\A0389175.msi|>Uploader.cab|>ShellEXE is infected by Win32:SMSSend-IG [Trj]
Number of searched folders: 8015
Number of tested files: 433844
Number of infected files: 2

Thank you.
« Last Edit: December 21, 2011, 09:10:24 PM by Maelyncia »

misash

Re: win32:smssend-IG Trojan help
« Reply #1 on: February 03, 2012, 04:15:38 PM »
I just had the same threat found on my scan. I was unable to move to chest as well!! Please, someone advise on this topic.

Pondus

Re: win32:smssend-IG Trojan help
« Reply #2 on: February 03, 2012, 05:00:06 PM »
The ones that say corrupted are just scan errors... files that cannot be scanned or are corrupted are just that... it does not mean they are infected.


Quote
{The operation is not supported for this type of archive.}
means the file detected is inside a zip archive... and the scanner can't rip it out.
So to remove it, unpack and scan the content of the folder... or try to browse to the file and delete it.
So do you know this "youtubeuploader" file?

Quote
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2150\A0389175.msi|>Uploader.cab|>ShellEXE is infected by Win32:SMSSend-IG [Trj]
This, I guess, is just a backup of the same file detected above... located in a restore point.
To remove that, delete the restore point, reboot and create a new one.
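
The reading of the scan report given in the reply above, written out as a small triage script. This is an added example, not code from the thread or from avast; the sample lines are constructed in the report format quoted in the first post (paths are made up), and the function and field names are hypothetical.

```python
import re

# Constructed sample in the report format quoted in the thread; paths are made up.
SAMPLE_LOG = r"""
File C:\Users\example\AppData\tool\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Users\example\Downloads\setup.msi|>Uploader.cab|>ShellEXE is infected by Win32:SMSSend-IG [Trj], Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\System Volume Information\_restore{EXAMPLE}\RP1\A0000001.msi|>Uploader.cab|>ShellEXE is infected by Win32:SMSSend-IG [Trj]
Number of infected files: 2
"""

INFECTED = re.compile(r"^File (?P<target>.+?) is infected by (?P<name>\S+)(?P<rest>.*)$")
SCAN_ERROR = re.compile(r"^File (?P<target>.+?) Error (?P<code>\d+) \{(?P<msg>[^}]*)\}$")
FAILED = re.compile(r"(Move to chest|Delete|Repair): Error (\d+)")

def triage_line(line):
    """Classify one report line; returns None for lines that are not 'File ...' entries."""
    m = INFECTED.match(line)
    if m:
        # '|>' separates the file on disk from the members nested inside it.
        container, *inner = m["target"].split("|>")
        failed = list(dict.fromkeys(FAILED.findall(m["rest"])))  # de-duplicated, in order
        in_restore = "\\system volume information\\_restore" in container.lower()
        if in_restore:
            advice = "copy held in a restore point: delete the restore point, reboot, create a new one"
        elif inner:
            advice = "detection is inside an archive: unpack and scan the contents, or delete the container file"
        else:
            advice = "file is not inside an archive"
        return {"kind": "infected", "detection": m["name"], "container": container,
                "inner": inner, "failed_actions": failed,
                "restore_point": in_restore, "advice": advice}
    m = SCAN_ERROR.match(line)
    if m:
        # A corrupted or unreadable archive was skipped; this is not a detection.
        return {"kind": "scan_error", "container": m["target"].split("|>")[0],
                "code": m["code"],
                "advice": "could not be scanned (%s); not a detection" % m["msg"]}
    return None

def triage(log):
    """Return one dict per 'File ...' line of the report, skipping summary lines."""
    return [r for r in map(triage_line, log.strip().splitlines()) if r]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["kind"], "|", entry["container"], "|", entry["advice"])
```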