FYI: unknown virus TROJAN_MSCACHE.A

By Sudbury

One of our customers is infected with a virus that I have yet to find any information on: TROJAN_MSCACHE.A. It infects hidden type files in folder C:\WINDOWS\SYSTEM. She has Win98 but confirmed antivirus has latest engine and pattern files. It seems to have affected her Excel shortcut icons, which don't respond, but files can be opened from the program, although she says some look slightly different (no macros involved). She then loses the programs running in the background until she freezes. Searched antivirus websites: no information. Alerted our antivirus software company and waiting for any information they might have.
Wondering if anyone might be detecting same virus.

by ___._ In reply to FYI: unknown virus TROJA ...

Alias: Downloader.MSCache (Symantec), Trojan.Win32.TalkStocks (Kaspersky)
Category: Win32
Type: Trojan
Published Date: 11/24/2003
Last Modified: 11/25/2003

Win32.Skoob.B is a trojan written with Microsoft C. It consists of an executable component called mscache2.exe, 114688 bytes in size, and a DLL called mscache2.dll, 122880 bytes in size.

These two files may be downloaded by another component (detected as Win32.Skoob or Win32/Skoob.Downloader) from the skoobidoo domain, and saved to the user's System directory.

The trojan attempts to download other files from URLs on the geocities domain, although at the time of publishing these were no longer available.

The DLL component of the trojan attempts to retrieve updates for itself from URLs on the blazefind and skoobidoo domains.

by richard_guziewicz In reply to FYI: unknown virus TROJA ...

ISTBar comes in many variants such as AUpdate, MSCache and XXXToolbar. The software hijacks your homepage and web searches.

When the adware application is run, the following registry entry is created so the Adware can run itself:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "IST Service"
It creates a folder called "ISTsvc" under C:\Program Files and drops itself there as a file called ISTSVC.EXE.

It may reset your browser's home page and/or search settings to point to other sites, generally related to pornography. Some users have also observed that this program can generate a lot of pop-up ads.

This application may be removed via "Add/Remove" in Control Panel.

found some info

by drwho7 In reply to FYI: unknown virus TROJA ...

I had the same problem on one of my client's machines. Symantec finally came up with some removal instructions, but they didn't really work; however, I am going to try to follow a set of instructions from discogail on I will keep you posted.

Have you heard anything since December?
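
A triage sketch for the indicators named in the replies above (an added example, not part of the original thread and not vendor code): it checks a System directory for the two file names and sizes given in the Win32.Skoob.B description, and looks for the "IST Service" Run value in a regedit text export. The sample export, the Run value's data and the directory contents are constructed for illustration; the function names are hypothetical.

```python
import os
import tempfile

# Indicators from the replies above: Skoob.B file name -> size in bytes.
SKOOB_FILES = {"mscache2.exe": 114688, "mscache2.dll": 122880}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "ist service"

# Constructed regedit export; the value data (a path) is an assumption.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"IST Service"="C:\\Program Files\\ISTsvc\\istsvc.exe"
'''

def check_system_dir(system_dir):
    """Map each indicator file found to 'exact' (size matches) or 'name-only'."""
    hits = {}
    for entry in os.listdir(system_dir):
        expected = SKOOB_FILES.get(entry.lower())  # Windows names ignore case
        if expected is not None:
            size = os.path.getsize(os.path.join(system_dir, entry))
            hits[entry.lower()] = "exact" if size == expected else "name-only"
    return hits

def find_run_entry(reg_export_text):
    """Return the data of the "IST Service" value under the HKLM Run key, or None."""
    in_run_key = False
    for line in reg_export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = line[1:-1].lower() == RUN_KEY  # track current key section
        elif in_run_key and line.startswith('"'):
            name, sep, data = line[1:].partition('"=')
            if sep and name.lower() == RUN_VALUE:
                return data.strip('"').replace("\\\\", "\\")  # undo .reg escaping
    return None

def demo():
    # Constructed directory: one exact match, one same-name file of another size.
    with tempfile.TemporaryDirectory() as d:
        for name, size in (("MSCACHE2.EXE", 114688), ("mscache2.dll", 4096), ("user.exe", 10)):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"\0" * size)
        return check_system_dir(d), find_run_entry(SAMPLE_REG)

if __name__ == "__main__":
    print(demo())
```

A "name-only" hit means a file with an indicator name exists but its size differs from the one quoted in the description, so it needs a closer look rather than being treated as a confirmed match.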
