Forum: Geek Forum
Topic: Well somebody thinks they're effin' funny...
started by: ^Oni^

Posted by ^Oni^ on Jul. 17 2002,03:12
< IRC.Trojan >

I came home from work to find a little NAV2K2 window on my desktop saying it found this.

The infected file was called "winregsrv.exe" and thus far I can't find anything about whether it is supposed to be in my System32 dir or not. Effin' fuck.

If anyone has some idea about that filename, input would be appreciated.
Posted by Jynx on Jul. 17 2002,20:16
What OS do you have?

At first glance, my guess is that the file is used to register either .dll files or services.  After all, I believe you can manually register them with "regsvr32", and the naming scheme is similar.

I am, however, too lazy to < Google > it for you - knock yerself out.
Posted by ^Oni^ on Jul. 18 2002,14:40
I'm running XP... I googled it and found nothing and there is nothing in the MS Knowledge Base about it... that's why I'm asking...
Posted by forumwhore on Jul. 18 2002,14:43
Did not your link also detail removal?
Posted by Wiley on Jul. 18 2002,16:04
Quote (^Oni^ @ 16 July 2002,19:12)
The infected file was called "winregsrv.exe"

hehe ...sneaky bastads.
The file Regsvr32.exe is used by Windows to register .dll files.  If there were a win version of the file I'm sure it would keep the same naming convention of Winregsvr.exe and not Winregsrv.exe.  I'm pretty sure you've been hosed.
Just to be sure:
Right-click on the file and go to properties and check the version info.  If it's MS then you can bet your ass they filled that info out (since file size is not a concern after all).  
I would delete it, and check to make sure nothing is calling the file during system startup.
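
The two checks described in the last post (version info, then startup references), scripted in PowerShell as an added example that is not part of the original thread. It assumes a current Windows system with PowerShell 4 or later; the file name comes from the thread and the System32 location is as reported there.

```powershell
# Added example; the System32 path is assumed from the filename reported in the thread.
$suspect = Join-Path $env:SystemRoot 'System32\winregsrv.exe'
$leaf    = Split-Path $suspect -Leaf

# 1. Version info and signature: what Properties > Version shows, plus Authenticode status.
if (Test-Path -LiteralPath $suspect) {
    $item = Get-Item -LiteralPath $suspect -Force
    $sig  = Get-AuthenticodeSignature -FilePath $suspect
    [pscustomobject]@{
        Path        = $item.FullName
        Created     = $item.CreationTime
        CompanyName = $item.VersionInfo.CompanyName      # is it filled in, and by whom?
        Description = $item.VersionInfo.FileDescription
        FileVersion = $item.VersionInfo.FileVersion
        Signature   = $sig.Status                        # anything but Valid needs a closer look
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = (Get-FileHash -LiteralPath $suspect -Algorithm SHA256).Hash
    } | Format-List
} else {
    Write-Output "Not present: $suspect"
}

# 2. Startup references: Run/RunOnce values that mention the file name.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$hits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }            # provider metadata, not registry values
        if ("$($p.Value)" -like "*$leaf*") {
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
})

# 3. Services whose image path mentions the file name.
$hits += @(Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$leaf*" } |
    ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName } })

if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap }
else { Write-Output "No startup reference to $leaf found." }
```

Version strings are set by whoever built the file, so a Microsoft company name alone proves nothing; the signature status is the stronger signal.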