General discussion

  • Creator
  • #2296924

    FYI: unknown virus TROJAN_MSCACHE.A


    by sudbury ·

    One of our customers is infected with a virus that I have yet to find any information: TROJAN_MSCACHE.A. Infects hidden type files in folder C:\WINDOWS\SYSTEM. She has Win98 but confirmed antivirus has latest engine and pattern files. It seems to have affected her Excel shortcut icons that don’t respond but files can be opened from program although she says some look slightly different (no macros involved). She then loses the programs running in the background until she freezes. Searched antivirus websites: no information. Alerted our antivirus software company and waiting for any information they might have.
    Wondering if anyone might be detecting same virus.

All Comments

  • Author
    • #2686496


      by ___._ ·

      In reply to FYI: unknown virus TROJAN_MSCACHE.A

      Alias: Downloader.MSCache (Symantec),
      Trojan.Win32.TalkStocks (Kaspersky),
      Category: Win32
      Type: Trojan
      Published Date: 11/24/2003
      Last Modified: 11/25/2003

      Win32.Skoob.B is a trojan written with Microsoft C. It consists of an executable component called mscache2.exe, 114688 bytes in size, and a DLL called mscache2.dll, 122880 bytes in size.

      These two files may be downloaded by another component (detected as Win32.Skoob or Win32/Skoob.Downloader) from the skoobidoo domain, and
      saved to the user’s System directory.

      The trojan attempts to download other files from URLs on the geocities domain, although at the time of publishing these were no longer available.

      The DLL component of the trojan, attempts to retrieve updates for itself from URLs on the blazefind and skoobidoo domains.

    • #2686472


      by bigbird68 ·

      In reply to FYI: unknown virus TROJAN_MSCACHE.A

      ISTBar comes in many variants such as AUpdate, MSCache and XXXToolbar. The software hijacks your homepage and web searches.

      When the adware application is run, the following registry entry is created so the Adware can run itself:

      HKEY_LOCAL_MACHINES\Sofware\Microsoft\Windows\CurrentVersion\Run “IST Service”
      It creates a folder called “ISTsvc ” under C:\Program Files and drops itself there as a file called ISTSVC.EXE .

      It may reset your browser’s home page and/or search settings to point to other sites, generally related to pornography. Some users have also observed that this program can generate a lot of pop-up ads.

      This application may be removed via “Add/Remove” in Control Panel.

    • #2696537

      found some info

      by drwho7 ·

      In reply to FYI: unknown virus TROJAN_MSCACHE.A

      I had the same problem on one of my clients machines, Symantec finally came up with some removal instructions but it didn’t really work, however I am going to try and follow a set of instructions from discogail on I will keep you posted.

      Have you heard anything since December?

Viewing 2 reply threads