msys32.exe - Dangerous
msys32.exe
Manual removal instructions:
Antivirus Report of msys32.exe:
msys32.exe
I-Worm.Masana is a worm virus spreading via the Internet as an attachment to infected emails.
The worm has bugs in its code; as a result some of its routines don't work.
Copies itself into the Windows system directory with under the msys32.exe name and registers this file in the system registry or in the SYSTEM.INI auto-run keys:
SYSTEM.INI
[boot]
shell=Explorer.exe msys32.exe -dontrunold
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Also, creates two additional files on disk that manage the exploit: ERunAsX.exe; ERunAsX.dll
Then creates another copy of itself under the name EEXPLORER.EXE name and by using DepPLoit exploit starts this copy with administrator rights.
To send infected messages the worm uses Windows MAPI functions.
To get victim email addresses Masana:
- looks for *.HTM* files and extracts email-like strings
- by using Windows MAPI functions it reads all unread messages from the Inbox and answers them.
This worm also:
- disables the MS Outlook Express 5.0 MAPISendMail warning.
- adds to the system the user named masyanechkaa with Admin privileges (under Windows NT)
Automatic removal: Use RegRun Startup Optimizer to remove it from startup.
| msys32.exe | Malware |
| msys32.exe | Dangerous |
| msys32.exe | High Risk |
The worm has bugs in its code; as a result some of its routines don't work.
Copies itself into the Windows system directory with under the msys32.exe name and registers this file in the system registry or in the SYSTEM.INI auto-run keys:
SYSTEM.INI
[boot]
shell=Explorer.exe msys32.exe -dontrunold
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Also, creates two additional files on disk that manage the exploit: ERunAsX.exe; ERunAsX.dll
Then creates another copy of itself under the name EEXPLORER.EXE name and by using DepPLoit exploit starts this copy with administrator rights.
To send infected messages the worm uses Windows MAPI functions.
To get victim email addresses Masana:
- looks for *.HTM* files and extracts email-like strings
- by using Windows MAPI functions it reads all unread messages from the Inbox and answers them.
This worm also:
- disables the MS Outlook Express 5.0 MAPISendMail warning.
- adds to the system the user named masyanechkaa with Admin privileges (under Windows NT)
Automatic removal: Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.