Need Help Virus/hacking like activity

[TG]

I need help!!!
   I've virus like activity. Avast is not able to detect these files as virus, nor I'm able to see these files in windows explorer. I used power desk through which I'm able to see 2 files called.
msams.exe and iexplorerrs.exe  I found the entries in registory i deleted them 100 times!!! and by the time i reach the end of registry i find them making entries at the begining. I want to submit these files to avast team but unable to find them through explorer. I tried to copy them in one folder on desktop but cannot see these files through explorer! My firewall [sygate] has managed to block the internet access of these 2 files. Earlier i permitted them and made a big mistake cause it flodded my network connection so much that i was not even able open google.com !!!
1. How do i submit the avast team these 2 files?
2. How do i stop them making entries into registry again and again
3. How do i remove them!

[Spyros]

OK, by searching google, I found that msams.exe is a hidden file, that's why you can't see it.
Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Download HijackThis, run it and post the log file here.

[DavidR]

Please Help us to Help you In order to help fully we need more information....
   - What OS are you using? is it up to date?
   - What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
   - Where was it found example (C:\windows\system32\suspect-filename.xxx)?

If you have an NT based OS (NT, w2k, XP) you can run a boot scan in avast, however, this is not likely to achieve anything as avast hasn't detected these as a virus.

These are more likely to be spyware/adware, etc. so this link would be more useful Advice & Tools for virus/trojan/malware Removal & Prevention

A google search for msams.exe returns some hits and would point to using hijackthis as the tool of choice.

If you want to send them to avast, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be an undetected virus/trojan and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.

[TG]

Sorry for the incomplete information.
1. I'm using Avast 4.5  build Nov 2004 4.5.561
2. Updated on 11-Jan-2005 File version 0502-2
3. Files are present in Windows\System32 folder
4. OS - Windows XP with Service Pack 1 + all the updates except Service Pack 2
5.  I remeber A program called DeskAdserv.exe was downloaded by Trojan/Virus I deleted the folder.
6. I also found that Windows\prefecth has a file called iexplorerrs.pif file.
7. The problem was it used my all the internet bandwidth which made impossible to browse.
8. Downloading the hijackthis file now.

[Eddy]

I strongly suggest you install SP2. In fact you should have done that already a long time ago. Now your system is much more vulnarable to infections and hackers.


For your problem:
Click on the link in my signature and follow the instructions in the malware removal section.

[TG]

Finally bug is fixed but I'm unable to submit the infected files! Stepts I followed


1. Kill the 2 files by killing them through task manager and clicking on their name fast so that other file cannot start killed file again.
2. Kill all of the registory entries
3. Remove all the msams.exe & iexplorerrs.exe files
4. Reboot!
5. I  want to submit these files to Avast, I have ziped them with password but I'm unable to submit them through Avast virus check both methods! Is there any other way to submit the zip file?

[DavidR]

5. I  want to submit these files to Avast, I have zipped them with password but I'm unable to submit them through Avast virus check both methods! Is there any other way to submit the zip file?

If you are trying to send them as attachments on an email zip files should go ok, unless you have some other restriction, size, etc. if you have password protected the zip files avast can't scan them and as you said previously avast didn't pick the unzipped files up.

Are you getting any error messages, etc. as this would help, "I'm unable to submit them through Avast virus" doesn't tell us much.

[TG]

Ok here is the message i received back in my inbox after submiting the virus file to Avast
------------------------------------------------------------------------------------
Your message did not reach some or all of the intended recipients.

      Subject:   avast!
      Sent:   1/14/2005 12:21 AM

The following recipient(s) could not be reached:

      'virus@asw.cz' on 1/14/2005 12:21 AM
            None of your e-mail accounts could send to this recipient.
------------------------------------------------------------------------------------

[Lisandro]

The following recipient(s) could not be reached: 'virus@asw.cz'

Did you try virus (at) avast.com?

[TG]

Yes it seems I have finally managed to submit the virus. I used the virus@avast.com address and it worked perfectly fine so far I have not received cannot deliver message mail!

[Lisandro]

I have not received cannot deliver message mail!

I did not understand you...
What do you mean?
Do you still have problems on receiving and sending emails? 

[DavidR]

He means the email hasn't bounced back as undeliverable, like his first attempt.

[Lisandro]

He means the email hasn't bounced back as undeliverable, like his first attempt.

Thanks David... This make the things clear for me.
Btw, do not expect that 'all' submited messages (and viruses) receive an answer.
avast webpage does not provide 'automatic' answers to this submitions.

[TG]

Sorry for my poor english, which confused you. Anyway even If Avast didnot reply me it is ok. What is more important is they update the virus database to cure the virus. Since i do have the virus files, I'd like to check them in months time to see if Avast is able to detect them and cure them.

[Lisandro]

Sorry for my poor english, which confused you. Anyway even If Avast didnot reply me it is ok. What is more important is they update the virus database to cure the virus. Since i do have the virus files, I'd like to check them in months time to see if Avast is able to detect them and cure them.

Never mind... I'm not a native English tolken either...
Thanks... you're helping improve avast.