Author Topic: Win32 Injector Infection  (Read 13589 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32 Injector Infection
« Reply #15 on: March 09, 2013, 10:12:04 PM »
OK, let's start with OTL initially

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

demontosome26

  • Guest
Re: Win32 Injector Infection
« Reply #16 on: March 09, 2013, 11:31:31 PM »
posted

Offline essexboy

Re: Win32 Injector Infection
« Reply #17 on: March 09, 2013, 11:49:07 PM »
The logs look nice and clean. Are you experiencing any problems?

demontosome26

Re: Win32 Injector Infection
« Reply #18 on: March 10, 2013, 12:26:35 AM »
I've just noticed the laptop being real slow no matter what I'm doing on it. Other than that I haven't seen any other problems.

Offline essexboy

Re: Win32 Injector Infection
« Reply #19 on: March 10, 2013, 12:35:52 PM »
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

demontosome26

Re: Win32 Injector Infection
« Reply #20 on: March 10, 2013, 09:42:34 PM »
I scanned the file again today like you asked of me and the result still read "MCSysUtil.dll   Win32:Injector - AZQ [Trj]". I also ran the program TFC, so I'll let you know if I start noticing a difference in my system. Thanks for your assistance as usual, essexboy.

Offline essexboy

Re: Win32 Injector Infection
« Reply #21 on: March 10, 2013, 09:50:19 PM »
OK, let's see where that file is

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
/md5start
MCSysUtil.*
/md5stop
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs
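The two OTL custom scans above (Reply #15 and Reply #21) do the same thing under the hood: walk the system drive for a list of file name patterns and record an MD5 for each hit so a file sitting in the wrong place, or with an unexpected hash, stands out. The PowerShell below is an added example that reproduces that triage step without OTL; it is not code from the thread, from OTL or from Avast. It assumes an elevated PowerShell 4.0 or later session (Get-FileHash is not available in older versions), and the pattern list and the "expected in System32" check are choices made for this example, not anything the thread specifies.

```powershell
# Added example (not from the thread, OTL or Avast): a PowerShell equivalent of
# the OTL custom-scan /md5start ... /md5stop block. For every file on the system
# drive matching one of the patterns it records the MD5, the Authenticode
# signature status and whether it lives in %SystemRoot%\System32, so a stray
# copy of svchost.exe or an unsigned MCSysUtil.dll is easy to spot.
# Assumptions: elevated PowerShell 4.0+; the pattern list is an example choice.

function Get-SuspectFileReport {
    param(
        # Same names as the OTL md5 block, plus the file the thread is about
        [string[]]$Patterns = @('services.*', 'explorer.exe', 'winlogon.exe',
                                'Userinit.exe', 'svchost.exe', 'winsock.*',
                                'MCSysUtil.*'),
        # Where to search; the whole system drive by default, like %SYSTEMDRIVE%
        [string]$Root = "$env:SystemDrive\"
    )

    $system32 = Join-Path $env:SystemRoot 'System32'

    # -Force includes hidden files; access errors on protected folders are skipped
    $hits = Get-ChildItem -Path $Root -Recurse -File -Force -Include $Patterns `
                          -ErrorAction SilentlyContinue

    foreach ($f in $hits) {
        $md5 = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName

        [pscustomobject]@{
            Path       = $f.FullName
            SizeBytes  = $f.Length
            Modified   = $f.LastWriteTime
            MD5        = $md5
            Signature  = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
            Signer     = $sig.SignerCertificate.Subject
            # Core system binaries are expected in System32; anywhere else is worth a look
            InSystem32 = ($f.DirectoryName -ieq $system32)
        }
    }
}

# Usage: unsigned files and files outside System32 sort to the top
Get-SuspectFileReport |
    Sort-Object InSystem32, Signature |
    Format-Table -AutoSize Path, MD5, Signature, InSystem32
```

The report is meant to be read the same way the OTL log is: a hit whose directory is not System32, or whose signature status is anything but Valid, is the one to look up (Avast's "Original Location" in Reply #24 is exactly this kind of check). MD5 is kept here only because it matches what OTL prints; for anything you intend to compare against a reference list, prefer SHA256 via the same cmdlet.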

demontosome26

Re: Win32 Injector Infection
« Reply #22 on: March 10, 2013, 10:41:06 PM »
posted

Offline essexboy

Re: Win32 Injector Infection
« Reply #23 on: March 10, 2013, 11:00:55 PM »
Intriguing, what location does Avast say it is in?

demontosome26

Re: Win32 Injector Infection
« Reply #24 on: March 10, 2013, 11:08:10 PM »
"C:\WINDOWS\system32" for Original Location.

Offline essexboy

Re: Win32 Injector Infection
« Reply #25 on: March 10, 2013, 11:13:12 PM »
Is it in the chest now?

demontosome26

Re: Win32 Injector Infection
« Reply #26 on: March 10, 2013, 11:19:26 PM »
Yes sir. At first it told me it couldn't be moved to the chest, deleted, or fixed, but later when I opened Avast I found it in there.

Offline essexboy

Re: Win32 Injector Infection
« Reply #27 on: March 10, 2013, 11:29:50 PM »
Leave it there for now and check it again in about a week's time.

Although metamail appears to be a Linux programme

demontosome26

Re: Win32 Injector Infection
« Reply #28 on: March 12, 2013, 02:14:27 AM »
I'll let you know, essexboy.

demontosome26

Re: Win32 Injector Infection
« Reply #29 on: March 16, 2013, 05:23:29 PM »
I ran a scan on the file today and it came back with "MCSysUtil -no virus-". I'm assuming that means it's safe, so should I restore the file?