What is mnsvc.exe and why does it cause a program error all the frickin' time?
- Thread starter thereds
- Start date
<< This trojan gets installed when visiting a hosting website. Currently http://www.koolkatalog.com and http://www.online1net.com, contains malicous javascript code which installs MNSVC.EXE, as well as the COOLSTUFF.OCX ActiveXControl. >>
narzy
Elite Member
- Feb 26, 2000
- 7,006
- 1
- 81
kinda masks itself as mssvc.exe or whatever the service controller exe is doesn't it.
get antivirus software (I suggest norton but thats me)
update windows regularly (I do it weekly but thats me)
update your antivirus OFTEN (I do it weekly unless there is a new high threat virus out then I update ASAP but thats me)
get antivirus software (I suggest norton but thats me)
update windows regularly (I do it weekly but thats me)
update your antivirus OFTEN (I do it weekly unless there is a new high threat virus out then I update ASAP but thats me)
Here's info from Computer Associates Virus Encyclopedia:
Win32.MinStaller
Alias: Backdoor.Autoupder , Downloader-W , Win32/Downloader-W.A.Trojan, TROJ_SUA.A , TrojanDownloader.Win32.Minstaller
Category: Win32
Type: Trojan
Wild: <http://www3.ca.com/images/vic/info_bars_na_left.gif>
Destructiveness: <http://www3.ca.com/images/vic/info_bars_med.gif>
Pervasiveness: <http://www3.ca.com/images/vic/info_bars_na_left.gif>
CHARACTERISTICS
Win32.MinStaller trojan has the ability the install, run and delete files on a user's computer via scripting directives which are stored on an external site.
The initial component (mnsvc.exe) downloads a program (ausvc.exe) which auto-updates various components as directed.
Currently the trojan can install the following files on a user's harddisk:
* ausvc.exe (Auto-Updating component)
* absr.exe (Browser Helper Object)
* bvt.exe (Browser Helper Object)
* pmgr.exe
* mbtcd.bak (data file)
* ea.bin (data file)
* pl.dat (data file)
* undo.exe (Uninstalls the trojan and all components)
* undo.bat
The trojan can create the following registry keys:
For mnsvc.exe:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mnsvc="%Windows%\mnsvc.exe"
If further components are downloaded and installed, then the following registry keys can be created.
For ausvc.exe:
HKLM\Software\Microsoft\Windows\Currentversion\Run\ausvc="%Windows%\ausvc.exe"
HKCR\CLSID\{F53C844A-D9C8-4E92-B923-C05B46C4A7E3}
HKCR\CLSID\{FBE091E5-DF43-4FFB-AECC-7E3A3BC7B0D9}
For ABsr.exe
HKLM\Software\Microsoft\Windows\Currentversion\Run\ABsr"%Windows%\absr.exe"
HKCR\AppID\ABsr.EXE
HKCR\AppID\{9A05FE9B-5B52-4D13-A77D-FA7C38557A8E}
HKCR\CLSID\{6541B981-2E27-46B1-A2CC-8264A75B74FE}
HKCR\CLSID\{C76BE992-2BC3-41A4-8B87-A8C01FE419A7}
HKCR\TypeLib\{C423B212-02B3-41CF-BE3A-532CE28180CD}
For bvt.exe
HKLM\Software\Microsoft\Windows\Currentversion\Run\SysScan="%Windows%\bvt.exe"
HKCR\AppID\bvt.EXE
HKCR\AppID\{8B034058-08B0-4CB3-B2E8-60238B4967F2}
HKCR\CLSID\{868B015F-3515-44DB-B0AD-182CD058985E}
HKCR\CLSID\{9E2099A5-9483-43fe-92D1-68DBFBE968A2}
HKCR\TypeLib\{6D8B1B74-4AB8-473B-B479-253FA1936802}
Users Note: The trojan follows directives for the installation, retrieval and removal of files that are stored externally on a website (where the content is liable to change). Hence it is possible that the functionality of the trojan may also change according to what content is downloaded and installed on the affected machine.
Win32.MinStaller
Alias: Backdoor.Autoupder , Downloader-W , Win32/Downloader-W.A.Trojan, TROJ_SUA.A , TrojanDownloader.Win32.Minstaller
Category: Win32
Type: Trojan
Wild: <http://www3.ca.com/images/vic/info_bars_na_left.gif>
Destructiveness: <http://www3.ca.com/images/vic/info_bars_med.gif>
Pervasiveness: <http://www3.ca.com/images/vic/info_bars_na_left.gif>
CHARACTERISTICS
Win32.MinStaller trojan has the ability the install, run and delete files on a user's computer via scripting directives which are stored on an external site.
The initial component (mnsvc.exe) downloads a program (ausvc.exe) which auto-updates various components as directed.
Currently the trojan can install the following files on a user's harddisk:
* ausvc.exe (Auto-Updating component)
* absr.exe (Browser Helper Object)
* bvt.exe (Browser Helper Object)
* pmgr.exe
* mbtcd.bak (data file)
* ea.bin (data file)
* pl.dat (data file)
* undo.exe (Uninstalls the trojan and all components)
* undo.bat
The trojan can create the following registry keys:
For mnsvc.exe:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mnsvc="%Windows%\mnsvc.exe"
If further components are downloaded and installed, then the following registry keys can be created.
For ausvc.exe:
HKLM\Software\Microsoft\Windows\Currentversion\Run\ausvc="%Windows%\ausvc.exe"
HKCR\CLSID\{F53C844A-D9C8-4E92-B923-C05B46C4A7E3}
HKCR\CLSID\{FBE091E5-DF43-4FFB-AECC-7E3A3BC7B0D9}
For ABsr.exe
HKLM\Software\Microsoft\Windows\Currentversion\Run\ABsr"%Windows%\absr.exe"
HKCR\AppID\ABsr.EXE
HKCR\AppID\{9A05FE9B-5B52-4D13-A77D-FA7C38557A8E}
HKCR\CLSID\{6541B981-2E27-46B1-A2CC-8264A75B74FE}
HKCR\CLSID\{C76BE992-2BC3-41A4-8B87-A8C01FE419A7}
HKCR\TypeLib\{C423B212-02B3-41CF-BE3A-532CE28180CD}
For bvt.exe
HKLM\Software\Microsoft\Windows\Currentversion\Run\SysScan="%Windows%\bvt.exe"
HKCR\AppID\bvt.EXE
HKCR\AppID\{8B034058-08B0-4CB3-B2E8-60238B4967F2}
HKCR\CLSID\{868B015F-3515-44DB-B0AD-182CD058985E}
HKCR\CLSID\{9E2099A5-9483-43fe-92D1-68DBFBE968A2}
HKCR\TypeLib\{6D8B1B74-4AB8-473B-B479-253FA1936802}
Users Note: The trojan follows directives for the installation, retrieval and removal of files that are stored externally on a website (where the content is liable to change). Hence it is possible that the functionality of the trojan may also change according to what content is downloaded and installed on the affected machine.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 24K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 20K
-
-
-
Facebook
Twitter