Removed: msmgsn.exe, iNETBLOCK.EXE

In this post I will explain how to fix the issue manually and how to clean it automatically using a special removal tool, which can be downloaded for free.

Malware: instal_inetblock.exe
Removed: C:\WINDOWS\system32\msmgsn.exe
C:\INETBLOCK\iNETBLOCK.EXE
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.01    Generic.Banker.Delf.FF3773BF
Kaspersky   7.0.0.125     2010.03.01    -
McAfee      5906          2010.02.28    -
Microsoft   1.5502        2010.02.28    Trojan:Win32/Sisron
NOD32       4903          2010.02.28    probably a variant of Win32/Agent

—————————————————————————————————————————-
Additional information
File size: 1049034 bytes
MD5 : ea7b323afd585076da86e5e0734555fe
SHA1 : dc1669c35bed94369d9a544533062be5df0255b0
SHA256: 4aa43d75a11f0c3bb211c79025f0d41e4203ce68e0f80dc0bcf40c7d5f215fbe
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:5
———————————-
HKCU\Control Panel\int
HKCU\Control Panel\int\control
HKCU\Control Panel\s_inetb
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM
HKCU\Software\Microsoft\bint


———————————-
Values added:30
———————————-
HKCU\Control Panel\int\control\INICIAL: “S”
HKCU\Control Panel\int\control\S1: “02856132417987R141520AS1405″
HKCU\Control Panel\int\control\S2: “500116400124306120141RT1013″
HKCU\Control Panel\int\control\S3: “A21306402821006910PE15″
HKCU\Control Panel\int\control\S4: “8862054236194601197747E0100″
HKCU\Control Panel\int\control\S5: “11202646490A32RQ1011″
HKCU\Control Panel\int\control\S6: “09014936321055D107201P01612″
HKCU\Control Panel\int\control\S7: “12020942349937A153214UE3010″
HKCU\Control Panel\int\control\S8: “504137WE0731″
HKCU\Control Panel\int\control\S9: “143091420911072298923FE0010″
HKCU\Control Panel\int\control\S10: “0295714564115240RT0014″
HKCU\Control Panel\int\control\S11: “RT0014″
HKCU\Control Panel\int\control\ATIVADO: “true”
HKCU\Control Panel\int\control\USO: “2″
HKCU\Control Panel\int\control\Type: “0″
HKCU\Control Panel\s_inetb\SERIAL: “9799291059″
HKCU\Control Panel\s_inetb\Licenciado: “Nao Registrado”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\INBlock: “C:\INETBLOCK\iNETBLOK.EXE”
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB: “C:\INETBLOCK\”
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_SYS: “C:\WINDOWS”
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\Periodo_repro_ini: “00:00:00″
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\Periodo_repro_fim: “00:00:00″
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\CAPTURAR_IMG: “N”
HKCU\Software\Microsoft\Windows NT\CurrentVersion\INB_IMAGEM\Data: “01/01/00″
HKCU\Software\Microsoft\bint\Portam: “AEAE”
HKCU\Software\Microsoft\bint\Ativ_red: “N”
HKCU\Software\Microsoft\bint\Vs: “1.5″
HKCU\Software\Microsoft\bint\Ativa_perm: 0x00000000
HKCU\Software\Microsoft\bint\Reg_bloq: 0x00000001
HKCU\Software\Microsoft\bint\Ativa_mon: 0x00000000

———————————-
Values modified:2
———————————-
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “C:\WINDOWS\system32\userinit.exe,”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “C:\WINDOWS\System32\msmgsn.exe,C:\WINDOWS\system32\userinit.exe,”

———————————-
Files added:15
———————————-
C:\Documents and Settings\All Users\Start Menu\Programs\iNETBLOCK\iNETBLOCK.lnk
C:\WINDOWS\system32\apm.dll
C:\WINDOWS\system32\crsm.res
C:\WINDOWS\system32\dext.lib
C:\WINDOWS\system32\hss.dll
C:\WINDOWS\system32\inebl.dat
C:\WINDOWS\system32\inex.exe
C:\WINDOWS\system32\losys.dll
C:\WINDOWS\system32\msmgsn.exe
C:\WINDOWS\exsys.res
C:\WINDOWS\winhlp8.chm
C:\ilg.lib
C:\INETBLOCK\desinstalador.exe
C:\INETBLOCK\inetax.exe
C:\INETBLOCK\iNETBLOCK.EXE

———————————-
Folders added:6
———————————-
C:\Documents and Settings\All Users\Start Menu\Programs\iNETBLOCK
C:\Documents and Settings\Cookies
C:\Documents and Settings\Cookies\help
C:\Documents and Settings\Cookies\help\net
C:\Documents and Settings\Cookies\help\net\net1m
C:\INETBLOCK

———————————-
Total changes:58
———————————-

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\System32\msmgsn.exe,C:\WINDOWS\system32\userinit.exe,
Type: UserInit Value

Item Name: INBlock
Author:
Related File: C:\INETBLOCK\iNETBLOK.EXE
Type: Registry Run

Item Name: msmgsn.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\MSMGSN.EXE
Type: Running Processes

Item Name: iNETBLOCK.EXE
Author:
Related File: C:\INETBLOCK\INETBLOCK.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friend's computers, because it is extremely fast and effective.




STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.


UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10, 32 or 64-bit. UnHackMe uses a minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with the verified publisher: Greatis Software.

Once UnHackMe has installed, the first scan will start automatically.


STEP 3: Carefully review the detected threats!

Click the Remove button or False Positive.

Enjoy!
