Unknown process trying to hijack IE

At first I got these messages when I opened Firefox so I uninstalled it. Now
I get it whenever the computer boots up AND when I open IE.

“Network shield: blocked access to malicious site
files.messangerupdate.net/conf/msgutil84.dll” and
“Network shield: blocked access to malicious site
files.messangerupdate.net/conf/msgasst84.dll”. I think something is now in
the startup that is trying to access these sites but avast only blocks the
access, it didn’t find the file that’s doing it. Any suggestions?

Thanks

RDT wrote:

> At first I got these messages when I opened Firefox so I uninstalled it. Now
> I get it whenever the computer boots up AND when I open IE.
>
> “Network shield: blocked access to malicious site
> files.messangerupdate.net/conf/msgutil84.dll” and
> “Network shield: blocked access to malicious site
> files.messangerupdate.net/conf/msgasst84.dll”. I think something is now in
> the startup that is trying to access these sites but avast only blocks the
> access, it didn’t find the file that’s doing it. Any suggestions?
>
> Thanks
>

msgutil84.dll is indicative of a Vundo infection and it's
*** irrelevant *** as to which browser you use.

The Windows Software Malicious Removal tool, released monthly, has
targeted this specific malware since March 2008, but you refused to
install it, right ?


Download, install, and update -

Malwarebytes Anti-malware
http://www.malwarebytes.org

Click the 'Download free version' button.
*Save* mbam-setup.exe
When the download is finished close all open programs and browsers.
Now install MBAM and allow it to update it's definitions during it's
installation.

Once MBAM is installed and updated, boot to Safe Mode:
# Restart the computer.
# As the computer starts, press the F8 key.
# Use the arrow keys to choose Safe Mode, and then press ENTER.

Open MBAM. Do a Quick scan of the system.
When the scan is done click the Show results button
Ensure everything detected is checked, then click the Remove selected
button.

If you need further assistance suggest you post to a reputable
anti-malware forum.
*Please* read the guidelines of the forum of your choice prior to posting. -

http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarehammer.com/simplemachi...php?board=10.0
http://spywarewarrior.com/viewforum.php?f=5

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked"

This has been a great place for info and tips and I appreciate your advice
but your criticism is uncalled for and off base. Auto update has installed
everything Microsoft put up. You have no reason to be arrogant.

"MowGreen" wrote:

> RDT wrote:
>
> > At first I got these messages when I opened Firefox so I uninstalled it. Now
> > I get it whenever the computer boots up AND when I open IE.
> >
> > “Network shield: blocked access to malicious site
> > files.messangerupdate.net/conf/msgutil84.dll” and
> > “Network shield: blocked access to malicious site
> > files.messangerupdate.net/conf/msgasst84.dll”. I think something is now in
> > the startup that is trying to access these sites but avast only blocks the
> > access, it didn’t find the file that’s doing it. Any suggestions?
> >
> > Thanks
> >
>
> msgutil84.dll is indicative of a Vundo infection and it's
> *** irrelevant *** as to which browser you use.
>
> The Windows Software Malicious Removal tool, released monthly, has
> targeted this specific malware since March 2008, but you refused to
> install it, right ?
>
>
> Download, install, and update -
>
> Malwarebytes Anti-malware
> http://www.malwarebytes.org
>
> Click the 'Download free version' button.
> *Save* mbam-setup.exe
> When the download is finished close all open programs and browsers.
> Now install MBAM and allow it to update it's definitions during it's
> installation.
>
> Once MBAM is installed and updated, boot to Safe Mode:
> # Restart the computer.
> # As the computer starts, press the F8 key.
> # Use the arrow keys to choose Safe Mode, and then press ENTER.
>
> Open MBAM. Do a Quick scan of the system.
> When the scan is done click the Show results button
> Ensure everything detected is checked, then click the Remove selected
> button.
>
> If you need further assistance suggest you post to a reputable
> anti-malware forum.
> *Please* read the guidelines of the forum of your choice prior to posting. -
>
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/...splay.php?f=25
> http://www.geekstogo.com/forum/Malwa..._Here-f37.html
> http://gladiator-antivirus.com/forum...?showforum=170
> http://spywarehammer.com/simplemachi...php?board=10.0
> http://spywarewarrior.com/viewforum.php?f=5
>
> MowGreen
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
> banthecheck.com
> "Security updates should *never* have *non-security content* prechecked"
> .
>

I found nothing arrogant in BroMow's post.

RDT wrote:
> This has been a great place for info and tips and I appreciate your advice
> but your criticism is uncalled for and off base. Auto update has installed
> everything Microsoft put up. You have no reason to be arrogant.
>
> "MowGreen" wrote:
>
>> RDT wrote:
>>
>>> At first I got these messages when I opened Firefox so I uninstalled it.
>>> Now I get it whenever the computer boots up AND when I open IE.
>>>
>>> “Network shield: blocked access to malicious site
>>> files.messangerupdate.net/conf/msgutil84.dll” and
>>> “Network shield: blocked access to malicious site
>>> files.messangerupdate.net/conf/msgasst84.dll”. I think something is now
>>> in
>>> the startup that is trying to access these sites but avast only blocks
>>> the
>>> access, it didn’t find the file that’s doing it. Any suggestions?
>>>
>>> Thanks
>>>
>>
>> msgutil84.dll is indicative of a Vundo infection and it's
>> *** irrelevant *** as to which browser you use.
>>
>> The Windows Software Malicious Removal tool, released monthly, has
>> targeted this specific malware since March 2008, but you refused to
>> install it, right ?
>>
>>
>> Download, install, and update -
>>
>> Malwarebytes Anti-malware
>> http://www.malwarebytes.org
>>
>> Click the 'Download free version' button.
>> *Save* mbam-setup.exe
>> When the download is finished close all open programs and browsers.
>> Now install MBAM and allow it to update it's definitions during it's
>> installation.
>>
>> Once MBAM is installed and updated, boot to Safe Mode:
>> # Restart the computer.
>> # As the computer starts, press the F8 key.
>> # Use the arrow keys to choose Safe Mode, and then press ENTER.
>>
>> Open MBAM. Do a Quick scan of the system.
>> When the scan is done click the Show results button
>> Ensure everything detected is checked, then click the Remove selected
>> button.
>>
>> If you need further assistance suggest you post to a reputable
>> anti-malware forum.
>> *Please* read the guidelines of the forum of your choice prior to
>> posting.
>> -
>>
>> http://www.atribune.org/forums/index.php?showforum=9
>> http://aumha.net/viewforum.php?f=30
>> http://www.bleepingcomputer.com/forums/forum22.html
>> http://www.dslreports.com/forum/cleanup
>> http://www.cybertechhelp.com/forums/...splay.php?f=25
>> http://www.geekstogo.com/forum/Malwa..._Here-f37.html
>> http://gladiator-antivirus.com/forum...?showforum=170
>> http://spywarehammer.com/simplemachi...php?board=10.0
>> http://spywarewarrior.com/viewforum.php?f=5
>>
>> MowGreen
>> ===============
>> *-343-* FDNY
>> Never Forgotten
>> ===============
>>
>> banthecheck.com
>> "Security updates should *never* have *non-security content* prechecked"
>> .

I haven't got around to checking out the links you posted but the
malwarebytes program worked great! It found 65 items that adaware and avast
did not find. Thanks again.

"MowGreen" wrote:

> RDT wrote:
>
> > At first I got these messages when I opened Firefox so I uninstalled it. Now
> > I get it whenever the computer boots up AND when I open IE.
> >
> > “Network shield: blocked access to malicious site
> > files.messangerupdate.net/conf/msgutil84.dll” and
> > “Network shield: blocked access to malicious site
> > files.messangerupdate.net/conf/msgasst84.dll”. I think something is now in
> > the startup that is trying to access these sites but avast only blocks the
> > access, it didn’t find the file that’s doing it. Any suggestions?
> >
> > Thanks
> >
>
> msgutil84.dll is indicative of a Vundo infection and it's
> *** irrelevant *** as to which browser you use.
>
> The Windows Software Malicious Removal tool, released monthly, has
> targeted this specific malware since March 2008, but you refused to
> install it, right ?
>
>
> Download, install, and update -
>
> Malwarebytes Anti-malware
> http://www.malwarebytes.org
>
> Click the 'Download free version' button.
> *Save* mbam-setup.exe
> When the download is finished close all open programs and browsers.
> Now install MBAM and allow it to update it's definitions during it's
> installation.
>
> Once MBAM is installed and updated, boot to Safe Mode:
> # Restart the computer.
> # As the computer starts, press the F8 key.
> # Use the arrow keys to choose Safe Mode, and then press ENTER.
>
> Open MBAM. Do a Quick scan of the system.
> When the scan is done click the Show results button
> Ensure everything detected is checked, then click the Remove selected
> button.
>
> If you need further assistance suggest you post to a reputable
> anti-malware forum.
> *Please* read the guidelines of the forum of your choice prior to posting. -
>
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/...splay.php?f=25
> http://www.geekstogo.com/forum/Malwa..._Here-f37.html
> http://gladiator-antivirus.com/forum...?showforum=170
> http://spywarehammer.com/simplemachi...php?board=10.0
> http://spywarewarrior.com/viewforum.php?f=5
>
> MowGreen
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
> banthecheck.com
> "Security updates should *never* have *non-security content* prechecked"
> .
>