Post Number: 1
^Oni^
Flagellate
Group: Members
Posts: 209
Joined: Jun. 2002
Posted on: Jul. 17 2002,03:12
IRC.Trojan
I came home from work to find a little NAV2K2 window on my desktop saying it found this.
The infected file was called "winregsrv.exe" and thus far I can't find anything about whether it is supposed to be in my System32 dir or not. Effin' fuck.
If anyone has some idea about that filename, input would be appreciated.
-------------- Would you rather have perfectly developed trapezius muscles and shaky moral grounding or be able to generate complex shadow puppets but comprehend absolutely nothing said to you between the hours of 3 and 4 pm?
Post Number: 2
Jynx
resident n0b0dy
Group: Members
Posts: 333
Joined: Dec. 2000
Posted on: Jul. 17 2002,20:16
What OS do you have?
At first glance, my guess is that the file is used to register either .dll files or services. After all, I believe you can manually register them with "regsvr32", and the naming scheme is similar.
I am, however, too lazy to Google it for you - knock yerself out.
Post Number: 3
^Oni^
Flagellate
Group: Members
Posts: 209
Joined: Jun. 2002
Posted on: Jul. 18 2002,14:40
I'm running XP... I googled it and found nothing and there is nothing in the MS Knowledge base about it... that's why I'm asking...
-------------- Would you rather have perfectly developed trapezius muscles and shaky moral grounding or be able to generate complex shadow puppets but comprehend absolutely nothing said to you between the hours of 3 and 4 pm?
Post Number: 4
forumwhore
Fear Me, I Am Change.
Group: Members
Posts: 3282
Joined: Dec. 2001
Posted on: Jul. 18 2002,14:43
Did not your link also detail removal?
-------------- Posting from; El Pueblo de Nuestra Senora la Reina de Los Angeles de Porciuncula
Post Number: 5
Wiley
©0®ÞØ®4+3 whØ®3
Group: Members
Posts: 1268
Joined: Oct. 2001
Posted on: Jul. 18 2002,16:04
Quote (^Oni^ @ 16 July 2002,19:12): The infected file was called "winregsrv.exe"
hehe ...sneaky bastads. The file Regsvr32.exe is used by Windows to register .dll files. If there were a win version of the file I'm sure it would keep the same naming convention of Winregsvr.exe and not Winregsrv.exe. I'm pretty sure you've been hosed. Just to be sure: Right-click on the file and go to properties and check the version info. If it's MS then you can bet your ass they filled that info out (since file size is not a concern after all). I would delete it, and check to make sure nothing is calling the file during system startup.
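The two checks described in the last post (version info on the file, then anything that launches it at startup) can be scripted. This PowerShell script is an added example, not part of the original thread; it assumes a Windows system with PowerShell, takes the file name and System32 location from the first post, and looks only at the Run/RunOnce keys and the Startup folders, so services and other autostart locations are not covered.

```powershell
# Added example: file name and location are the ones reported in the thread.
$name = 'winregsrv.exe'
$path = Join-Path $env:SystemRoot "System32\$name"

# 1. Version info and Authenticode signature of the suspect file
if (Test-Path -LiteralPath $path) {
    $file = Get-Item -LiteralPath $path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path        = $file.FullName
        Company     = $file.VersionInfo.CompanyName      # empty on many trojans
        Description = $file.VersionInfo.FileDescription
        FileVersion = $file.VersionInfo.FileVersion
        Signature   = $sig.Status                        # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    } | Format-List | Out-Host
} else {
    Write-Host "$path not found (already quarantined or deleted?)"
}

# 2. Run/RunOnce values whose command line mentions the file name
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$hits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($valueName in $k.GetValueNames()) {
        $cmd = [string]$k.GetValue($valueName)
        if ($cmd -like "*$name*") {
            [pscustomobject]@{ Location = $key; Entry = $valueName; Command = $cmd }
        }
    }
}

# 3. Shortcuts in the per-user and all-users Startup folders
$shell = New-Object -ComObject WScript.Shell
$dirs  = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$hits  = @($hits) + @(foreach ($lnk in Get-ChildItem -Path $dirs -Filter *.lnk -ErrorAction SilentlyContinue) {
    $target = $shell.CreateShortcut($lnk.FullName).TargetPath
    if ($target -like "*$name*") {
        [pscustomobject]@{ Location = $lnk.DirectoryName; Entry = $lnk.Name; Command = $target }
    }
})

if ($hits) { $hits | Format-Table -AutoSize -Wrap | Out-Host }
else       { Write-Host "No Run/RunOnce value or Startup shortcut references $name" }
```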