Author Topic: msCMTsrvc.exe, Trojan??  (Read 6537 times)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: msCMTsrvc.exe, Trojan??
« Reply #15 on: December 26, 2011, 10:38:25 PM »
Also, here is the VirusTotal scan result of the mscmtsrvc.exe file..

http://www.virustotal.com/file-scan/report.html?id=dd9e5865871e48436d4cc732181f009c58a55ecf8f01178bed78256ee20252f6-1324914721#

And just in case it doesn't display, here's the MD5 hash:

253b4b8cfc67d44f63e39328ab1f4682
you posted an old report...( 2011-08-14 ) you should have clicked the "rescan" button

R0NIN

  • Guest
Re: msCMTsrvc.exe, Trojan??
« Reply #16 on: December 27, 2011, 01:02:45 AM »
Also, here is the VirusTotal scan result of the mscmtsrvc.exe file..

http://www.virustotal.com/file-scan/report.html?id=dd9e5865871e48436d4cc732181f009c58a55ecf8f01178bed78256ee20252f6-1324914721#

And just in case it doesn't display, here's the MD5 hash:

253b4b8cfc67d44f63e39328ab1f4682
you posted an old report...( 2011-08-14 ) you should have clicked the "rescan" button

I did click the rescan button. The URL is current, as the file was uploaded earlier today. The MD5 hash I copied, after clicking "Show All" once the analysis was completed. It was the only reference I could find to this file. I also see I'm not the only one having an issue with links to VT.. As per your post on another topic:

You Posted on topic:

http://forum.avast.com/index.php?topic=91068.0

Virus Total URL's Posted Here seem to get broken
« Reply #2 on: Today at 10:13:01 PM »

happens often...the best is to also post the MD5 as then we can do a search at VT

I tried resubmitting the file again and it just sits there "Queueing" forever but doesn't get scanned. This with my Avast shields disabled so that nothing is blocking it from being uploaded.
« Last Edit: December 27, 2011, 03:07:04 AM by R0NIN »

R0NIN

  • Guest
Re: msCMTsrvc.exe, Trojan??
« Reply #17 on: December 27, 2011, 02:53:08 PM »
Okay I was finally able to have some luck with Jotti.. VT, still won't upload. Not sure if there's too much traffic but a 15 minute wait is pretty long even for their service load.. But here's the link for Jotti's scan:

hxxp://virusscan.jotti.org/en/scanresult/dd30a82b33fb15f1dd2230cdc5a455878593c0c6

Also, the MD5 Hash:

253b4b8cfc67d44f63e39328ab1f4682

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: msCMTsrvc.exe, Trojan??
« Reply #18 on: December 27, 2011, 07:46:33 PM »
Sort of 50-50 on that.  However, Dr Web does also detect it so it may well be a good detection

What problems do you have at the moment ? 

R0NIN

  • Guest
Re: msCMTsrvc.exe, Trojan??
« Reply #19 on: December 28, 2011, 03:06:35 AM »
Thank you for your reply Essexboy.

Currently I don't seem to be having any issues, except for the detection of that specific file (mscmtsrvc.exe) and the 2 restore points. Those seem to be the only detectable issues. I'm just not certain where to go from here.. Either to disable or remove the file (mscmtsrvc.exe) and its restore points and how to do so or to just leave it be and quarantined in the chest. I submitted this file to Avast a few updates back but it is still detected and flagged on recent updates. Unfortunately I'm not knowledgeable enough on the process to know whether it's better to keep it or remove it or how and what the repercussions will be. Odd that there isn't much background on this file or its publisher.. Just that it's used to make suggestions to the Consumer of the PC of Compaq products and that it's isolated to Compaq model PCs and the Presario line. Seems like a prime example of Corporate Spyware.
« Last Edit: December 28, 2011, 03:14:15 AM by R0NIN »

Offline essexboy

Re: msCMTsrvc.exe, Trojan??
« Reply #20 on: December 28, 2011, 09:09:07 PM »
You can purge the restore points and that will cease those alerts, but prior to that quarantine the file and let Avast run a check on it every so often.  But looking at VT this appears a good detection

Follow these steps to purge Restore Points:
 1. Go to Start | All Programs | Accessories | System Tools | Disk Cleanup.
 2. Select the More Options tab in the Disk Cleanup dialog box.
 3. Click the Clean Up button in the System Restore panel.
 4. Press the Yes button when prompted to confirm the delete operation.

The Disk Cleanup utility will allow you to delete all Restore Points except for the most recent Restore Point.

tito_13

  • Guest
Re: msCMTsrvc.exe, Trojan??
« Reply #21 on: December 30, 2011, 09:15:38 PM »
Sort of 50-50 on that.  However, Dr Web does also detect it so it may well be a good detection

What problems do you have at the moment ? 
Guys, I have a problem: avast detected a trojan, c:/hiberfil.sys (I don't know where it is; I tried to find it and I don't have anything like this). avast calls it Win32:L.mir-KO[trj]. I can't remove this and can't find it.

Offline essexboy

Re: msCMTsrvc.exe, Trojan??
« Reply #22 on: December 30, 2011, 09:21:11 PM »
Turn off the system hibernation feature and then it will go.  Reboot and then reset system hibernation 

R0NIN

  • Guest
Re: msCMTsrvc.exe, Trojan??
« Reply #23 on: January 08, 2012, 03:20:38 AM »
You can purge the restore points and that will cease those alerts, but prior to that quarantine the file and let Avast run a check on it every so often.  But looking at VT this appears a good detection

Follow these steps to purge Restore Points:
 1. Go to Start | All Programs | Accessories | System Tools | Disk Cleanup.
 2. Select the More Options tab in the Disk Cleanup dialog box.
 3. Click the Clean Up button in the System Restore panel.
 4. Press the Yes button when prompted to confirm the delete operation.

The Disk Cleanup utility will allow you to delete all Restore Points except for the most recent Restore Point.


I deleted all restore points. File is showing up as detected, even with the most current definitions. In your opinion, should I just leave it in Quarantine and for how long?

Offline essexboy

Re: msCMTsrvc.exe, Trojan??
« Reply #24 on: January 08, 2012, 01:35:12 PM »
Leave it in the chest and once a week rescan it with Avast... If it still shows infected and you are experiencing no problems due to the lack of this file then you may delete it