Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is msnp.exe a virus? Can you translate the bottom section? 1

Status
Not open for further replies.
Davidishere

Davidishere

Technical User
Dec 3, 2003
1
IL
My son complained of very slow functioning of his pc (WIN XP, Norton 2002 installed and up-to-date). I checked the cpu usage and found that 98% was being used by the executable, msnp.exe. I tried to find out what this is with no luck. I checked on Microsoft Support with no usefull information there. In searching Google I found the information below which appears to describe something like I have seen - at least the registry references are consistent to what I found on the problem machine. Renaming this file to a non executable (msnp.exx) solved the slow-down but I am not sure what other effects this might have on the pc. Any thoughts would be appreciated.

David

Rootkit windows.exe

Este archivo fue encontrado en el directorio /C:\Winnt\System32/ y descomprime los siguientes archivos en el directorio donde se encuentre ubicado.

Al ejecutar el archivo se crean los siguientes archivos:



ipcpass.dic: Archivo de texto que contiene una lista de posibles passwords utilizados en un ataque de fuerza bruta.
IpcScan.txt: Contiene una lista de direcciones IP que han sido escaneadas.
release.exe: Archivo troyano que se copia en C:\winnnt\system32 como "svhost.exe" y crea un proceso en memoria con el mismo nombre, además abre una puerta trasera en el puerto 113/TCP. El troyano crea una entrada en el registro (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run y HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices) denominada "Configuration Loader" con el valor de "svhost.exe".
rscan.exe: Escaner de cuentas NT de línea de comando (IPScan).
msnp.exe: Archivo troyano que se copia en C:\winnnt\system32 como "msnp.exe" y crea un proceso en memoria con el mismo nombre, además abre una puerta trasera en los puertos 113/TCP y 2138/TCP. El troyano crea una entrada en el registro (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run y HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices) denominada "Configuration Loader" con el valor de "msnp.exe".
afdx.exe: Similar al archivo "msnp.exe".
PSEXEC.EXE: Utilidad no maliciosa para sistemas Windows NT y 2000 que permite al usuario ejecutar procesos en sistemas remotos sin haber instalado un componente para el cliente. Sin embargo, para ser capaz de ejecutar procesos, se deben suministrar credenciales de inicio de sesión.



 
Sort by date Sort by votes
A rootkit is a tool (essetially a trojan, but they vary) used to remotely attack your system and is usually very hard to detect. The text below describes the various files that are included and what purpose they serve. Did you find any of these files? Have you done a search with hidden files shown?
Also note this writeup from Symantec, explaining a trojan that somewhat matches your description.
Search for those and report back to us.

 
Upvote 0 Downvote
Try a few of these online scanners faq760-3862
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
287
Oorde
Oorde
2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
237
2ffat
2ffat
Henry Pence
  • Locked
  • Question
Is Norton Antivirus Necessary?
Replies
2
Views
210
Henry Pence
Henry Pence
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
261
2ffat
2ffat
ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
769
Yoko Littner
Yoko Littner

Part and Inventory Search

Sponsor

Back
Top