Removed: msmgsn.exe, iNETBLOCK.EXE

March 4, 2010 by NightWatcher
Filed under: Malware 
: Solved!

Malware: instal_inetblock.exe
Removed: C:\WINDOWS\system32\msmgsn.exe
C:\INETBLOCK\iNETBLOCK.EXE
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.01    Generic.Banker.Delf.FF3773BF
Kaspersky   7.0.0.125     2010.03.01    -
McAfee      5906          2010.02.28    -
Microsoft   1.5502        2010.02.28    Trojan:Win32/Sisron
NOD32       4903          2010.02.28    probably a variant of Win32/Agent

—————————————————————————————————————————-
Additional information
File size: 1049034 bytes
MD5 : ea7b323afd585076da86e5e0734555fe
SHA1 : dc1669c35bed94369d9a544533062be5df0255b0
SHA256: 4aa43d75a11f0c3bb211c79025f0d41e4203ce68e0f80dc0bcf40c7d5f215fbe
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:5
———————————-
HKCU\Control Panel\int
HKCU\Control Panel\int\control
HKCU\Control Panel\s_inetb
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM
HKCU\Software\Microsoft\bint

———————————-
Values added:30
———————————-
HKCU\Control Panel\int\control\INICIAL: "S"
HKCU\Control Panel\int\control\S1: "02856132417987R141520AS1405"
HKCU\Control Panel\int\control\S2: "500116400124306120141RT1013"
HKCU\Control Panel\int\control\S3: "A21306402821006910PE15"
HKCU\Control Panel\int\control\S4: "8862054236194601197747E0100"
HKCU\Control Panel\int\control\S5: "11202646490A32RQ1011"
HKCU\Control Panel\int\control\S6: "09014936321055D107201P01612"
HKCU\Control Panel\int\control\S7: "12020942349937A153214UE3010"
HKCU\Control Panel\int\control\S8: "504137WE0731"
HKCU\Control Panel\int\control\S9: "143091420911072298923FE0010"
HKCU\Control Panel\int\control\S10: "0295714564115240RT0014"
HKCU\Control Panel\int\control\S11: "RT0014"
HKCU\Control Panel\int\control\ATIVADO: "true"
HKCU\Control Panel\int\control\USO: "2"
HKCU\Control Panel\int\control\Type: "0"
HKCU\Control Panel\s_inetb\SERIAL: "9799291059"
HKCU\Control Panel\s_inetb\Licenciado: "Nao Registrado"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\INBlock: "C:\INETBLOCK\iNETBLOK.EXE"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB: "C:\INETBLOCK\"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_SYS: "C:\WINDOWS"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\Periodo_repro_ini: "00:00:00"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\Periodo_repro_fim: "00:00:00"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\CAPTURAR_IMG: "N"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\Data: "01/01/00"
HKCU\Software\Microsoft\bint\Portam: "AEAE"
HKCU\Software\Microsoft\bint\Ativ_red: "N"
HKCU\Software\Microsoft\bint\Vs: "1.5"
HKCU\Software\Microsoft\bint\Ativa_perm: 0x00000000
HKCU\Software\Microsoft\bint\Reg_bloq: 0x00000001
HKCU\Software\Microsoft\bint\Ativa_mon: 0x00000000

———————————-
Values modified:2
———————————-
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\System32\msmgsn.exe,C:\WINDOWS\system32\userinit.exe,"

———————————-
Files added:15
———————————-
C:\Documents and Settings\All Users\Start Menu\Programs\iNETBLOCK\iNETBLOCK.lnk
C:\WINDOWS\system32\apm.dll
C:\WINDOWS\system32\crsm.res
C:\WINDOWS\system32\dext.lib
C:\WINDOWS\system32\hss.dll
C:\WINDOWS\system32\inebl.dat
C:\WINDOWS\system32\inex.exe
C:\WINDOWS\system32\losys.dll
C:\WINDOWS\system32\msmgsn.exe
C:\WINDOWS\exsys.res
C:\WINDOWS\winhlp8.chm
C:\ilg.lib
C:\INETBLOCK\desinstalador.exe
C:\INETBLOCK\inetax.exe
C:\INETBLOCK\iNETBLOCK.EXE

———————————-
Folders added:6
———————————-
C:\Documents and Settings\All Users\Start Menu\Programs\iNETBLOCK
C:\Documents and Settings\Cookies
C:\Documents and Settings\Cookies\help
C:\Documents and Settings\Cookies\help\net
C:\Documents and Settings\Cookies\help\net\net1m
C:\INETBLOCK

———————————-
Total changes:58
———————————-

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\System32\msmgsn.exe,C:\WINDOWS\system32\userinit.exe,
Type: UserInit Value

Item Name: INBlock
Author:
Related File: C:\INETBLOCK\iNETBLOK.EXE
Type: Registry Run

Item Name: msmgsn.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\MSMGSN.EXE
Type: Running Processes

Item Name: iNETBLOCK.EXE
Author:
Related File: C:\INETBLOCK\INETBLOCK.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

Written by

Malware Hunter.
