TASKMGRU.EXE, MSIMN32.EXE, BHOASS.DLL...and MORE

[meggsgj]

I had a new virus yesterday evening and after searching (on different machine!) it seemed to be very similar to that posted as http://www.techsupportforum.com/sho...?threadid=49162, but before posting I followed the steps in your spyware tutorial.

When I ran Trend micro online I found
'HouseCall has found 6 infected files'
TROJ LOADER.E C:\WINDOWS\SYSTEM32\MSIMN32.EXE
TROJ LOADER.E C:\WINDOWS\SYSTEM32\TASKMGRU.EXE
TROJ STARTPAG.NZ C:\WINDOWS\BHOASS.DLL
TROJ STARTPAG.NZ C:\WINDOWS\BHOASSW.DLL
TROJ LOADER.E C:\WINDOWS\EXPLORER32DBG.EXE
TROJ LOADER.E C:\WINDOWS\IEXPLORE_DBG.EXE

All 'Non Cleanable'...so I chose to delete, but top two could not be cleaned because they were in use. I closed Internet explorer, but then could not open it again - message said that file c:\program files\internet explorer\iexplore.exe did not exist. I checked and it did exist, but gave me same message when I clicked on it directly.

I renamed iexplore.exe to foo.exe and ran - this brought up Internet Explorer but it said it was running in 'compatibility mode'. So IE works, but not fully.

I then ran Trend micro again and got just the following 2
TROJ LOADER.E C:\WINDOWS\SYSTEM32\MSIMN32.EXE
TROJ LOADER.E C:\WINDOWS\SYSTEM32\TASKMGRU.EXE

again they could be deleted so I moved on with recommended tasks and all was well until I ran Kill2Me. This ran successfully, but said that taskbar and desktop would disappear temporarily - They went alright, but haven't come back yet! I have tried booting in normal and safe mode, but to no avail.

I can get to some programs (using CTRL+ALT+DEL and taskmanager), but things are very difficult and i don't know if I have fixed the original problem.

Can someone help please!!!

[greyknight17]

Welcome to TSF.

Give us these two logs:

Please download HijackThis http://www.greyknight17.com/spy/HijackThis.exe - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.

[meggsgj]

Many thanks for your advice, but things went from bad to worse and I decided to perform a system rebuild.

Keep doing a great job!!