Tech Support Forums - TechIMO.com - View Single Post - Need help with a virus that seems to alter permissions.

Cbstiles · September 29th, 2009, 02:11 AM

Hey there, I have recently acquired a virus that appears to have the ability to alter security permissions of certain antispyware/anti-malware programs. It does this shortly after I click the "scan" button for the selected program and in doing so, closes the program and prevents it from being reopened. When I go to check the permissions list, the three things that were originally there (administrator, system, and user) have been removed and replaced by a selection called "Everyone". It is not until after I delete "everyone" and give back permission to the "user" that I can reopen the program... and even then, scanning gives the same problem.

It does this for Malwarebytes' Anti-Malware, Ad-Aware, and Spybot - Search and Destroy. After switching to safe-mode, I was able to run AVG without the problem, but it came up with nothing. Haven't tried AVG in normal mode. The other programs continued having the problem in safe-mode.

The first signs of the virus were the appearance of "msds.exe" and "A.exe" in the task manager processes list. I attempted to correct the problem by ending those processes/process trees and shortly after deleting the file title "msds".

Can anybody tell me what the overall cause of my problem is and what I can do to fix it?

Sorry for the messy post... very tired. Thank you.

September 29th, 2009, 02:11 AM	#1 (permalink)
Cbstiles Member Join Date: May 2005 Posts: 168	Need help with a virus that seems to alter permissions. Hey there, I have recently acquired a virus that appears to have the ability to alter security permissions of certain antispyware/anti-malware programs. It does this shortly after I click the "scan" button for the selected program and in doing so, closes the program and prevents it from being reopened. When I go to check the permissions list, the three things that were originally there (administrator, system, and user) have been removed and replaced by a selection called "Everyone". It is not until after I delete "everyone" and give back permission to the "user" that I can reopen the program... and even then, scanning gives the same problem. It does this for Malwarebytes' Anti-Malware, Ad-Aware, and Spybot - Search and Destroy. After switching to safe-mode, I was able to run AVG without the problem, but it came up with nothing. Haven't tried AVG in normal mode. The other programs continued having the problem in safe-mode. The first signs of the virus were the appearance of "msds.exe" and "A.exe" in the task manager processes list. I attempted to correct the problem by ending those processes/process trees and shortly after deleting the file title "msds". Can anybody tell me what the overall cause of my problem is and what I can do to fix it? Sorry for the messy post... very tired. Thank you.