Author Topic: msmpeng.exe  (Read 3592 times)

cassie22
msmpeng.exe
« on: September 13, 2010, 10:53:37 AM »
Hi

Recently I scanned my computer and the antivirus showed that several files (msmpeng.exe) are infected (and one of them is infected by a trojan), but I can't do anything to deal with them... Please help!

Tech (avast! team)
Re: msmpeng.exe
« Reply #1 on: September 13, 2010, 11:22:20 AM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

DavidR (avast! Überevangelist)
Re: msmpeng.exe
« Reply #2 on: September 13, 2010, 01:43:21 PM »
You have Windows Defender installed?
- It is loading unencrypted virus signatures into memory.

You are running a custom scan - you have elected to scan Memory?

These detections are in memory and are loaded by msmpeng.exe; it doesn't mean that msmpeng.exe is infected.

~~~~
- Detections in Memory - The Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can't be scanned. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory.

Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
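
Added example (not part of the thread or any poster's code): a toy Python scanner showing why a memory scan flags a process that holds another product's unencrypted signature data while the file on disk stays clean, and why masking that data in memory avoids the match. The signature names, byte patterns, `IMAGE` and all function names are constructed for illustration.

```python
# Constructed toy signatures: harmless byte patterns, not real detection data.
SIGNATURES = {
    "Toy:Sample-A[Trj]": b"\x13\x37TOY-PATTERN-A\x00\x01",
    "Toy:Sample-B[Wrm]": b"\xde\xadTOY-PATTERN-B\xbe\xef",
}

def scan(buffer):
    """Naive scan: name every signature whose bytes occur in the buffer."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in buffer)

def pack_plain(sigs):
    """Signature database held in memory unencrypted (length-prefixed)."""
    return b"".join(len(p).to_bytes(2, "little") + p for p in sigs.values())

def pack_masked(sigs, key=0x5A):
    """Same database with every byte XOR-masked while it sits in memory."""
    return bytes(b ^ key for b in pack_plain(sigs))

def assess(image_on_disk, process_memory):
    """Compare hits in the on-disk file with hits in the process's memory."""
    file_hits, mem_hits = scan(image_on_disk), scan(process_memory)
    if file_hits:
        verdict = "file on disk matches: treat as a real detection"
    elif mem_hits:
        verdict = "memory only: likely another scanner's signature data"
    else:
        verdict = "clean"
    return {"file": file_hits, "memory": mem_hits, "verdict": verdict}

# Constructed stand-in for the other scanner's executable and its loaded memory.
IMAGE = b"MZ" + b"\x90" * 64 + b"scanner engine code"
plain_case = assess(IMAGE, IMAGE + pack_plain(SIGNATURES))
masked_case = assess(IMAGE, IMAGE + pack_masked(SIGNATURES))

if __name__ == "__main__":
    print("plain :", plain_case)
    print("masked:", masked_case)
```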

cassie22
Re: msmpeng.exe
« Reply #3 on: September 13, 2010, 03:13:46 PM »
Thanks for your replies

I don't know much about computers, so actually I don't understand what the replies mean.

I installed Windows Defender and I chose to scan Memory. You mean the "infected files" cannot be deleted, but in my computer's scan results the "files" are marked as:
Win32:BHO-TA[Trj]
JS:Pdfka-AJM[Expl]
NSIS:Downloader-CC[Trj]
BV::AutoRun-E[Wrm]
Win32:Wmall-gen2[Trj]
Win32:Small-HUF[Trj]
Win32:2bot-AVH[Trj]

I wondered if they are really infected and what I should do...

DavidR (avast! Überevangelist)
Re: msmpeng.exe
« Reply #4 on: September 13, 2010, 03:37:58 PM »
You can't delete a memory block; these aren't physical files in the same sense as a file on your hard disk.

What should you do? Either stop scanning the memory or stop using Windows Defender so it doesn't load unencrypted virus signatures into memory. The Quick and Full System scans are fine for all normal purposes. Either that or you have to know what the repercussions are of a custom scan and any settings that you add/change.
