StarHopper
2010-03-10, 17:32
Hi;
Noob here, tho I've been an SBD&S client for a few years now. I've had items of concern previously but never asked here (didn't know the forum existed until about an hour ago)....but this morning I encountered something that's made me finally look for some assistance. It's a bit long winded, as it's a potentially complex issue, so please forgive that - I just wanted to ensure as much detail as possible. Also, being inexperienced here I'm not sure this is the "correct" forum section, so begging pardon for that too if I'm out of place.
And with that, here goes with my problem:
After running the latest security updates yesterday, this morning when I started my computer I got an alert from Spybot Search & Destroy that it had detected a threat; e.g. "...has encountered and terminated a process that is listed as part of a malicious software." -- and listed it as follows:
Process ID: 2932
Identified as: Win32.GBDialer.j
Filename: msfeedssync.exe
Found in: C:\WINDOWS\system32\
I opened Windows Explorer and indeed found that file there under system32\....and showing a 'last modified' time & date of this morning. I don't know if the modification time/date was due to the action of Spybot S&D or not - and am curious about that.
I got online & Google'd "msfeedssync", and saw some statements about it being a Dialer & what it does, but also other statements saying it is not a virus....some saying it is malicious & some saying it's not. Best scenario would be to Google it yourself & you can see first-hand what I encountered. Basically, I was left confused. And of course, concerned.
I have several anti-malware apps installed, so due to my concern about this app being potentially harmful, (I just got thru one awful virus ordeal in January that was quite difficult - and expensive - to get cleaned, DESPITE all these installed safeguards) I decided to run scans on my Windows\System32 folder, where this app was seen. I scanned it with Symantec AntiVirus, Malwarebytes Anti-Malware, and Webroot AntiVirus with Spysweeper. All 3 reported no malicious items were detected.
At this point, I still don't know what to believe. There seems to be a pretty good consensus on the Web it's not a good thing. Why does Spybot S&D declare this as malicious, & the other three do not? I see (with Windows Explorer) the file/.exe application is still there, and I wonder if I should delete it. Of additional concern is, right alongside this .exe file are two other very similarly named .dll files: msfeeds.dll (581 Kb) and msfeedsbs.dll (54 Kb), and both date/time stamped identically, & which coincides with the time I got the bad virus infestation. Should I delete those two also? And why did SBS&D not detect or report those as undesirables, if they are in fact a part of what it did detect?
I would appreciate your insights & advice as to what I should do. In the meantime, I am preparing to rename all 3 by adding "!!!!!x" to the front of their filenames, so it'll hopefully keep them from being activated by something else, plus so they'll stand out for re-finding later if I need to delete them; and as another test to see if something re-installs the files under their correct name.
Thank you for your time & patience,
StarHopper
3/10/2010