WUGNET, the Windows User Group Network

Trojan found by Symantec antivirus?

 
Richard F




(Msg. 1) Posted: Wed Aug 23, 2006 11:04 pm
Post subject: Trojan found by Symantec antivirus?
Archived from groups: alt>comp>virus

I get a popup window from my Symantec antivirus saying a
trojan was found in regscan.exe in windows\system32. I looked at the
program's properties. It was an MS-DOS file with a PIF tab that showed
commands to start it up autoexec.bat. It did not show a version such as
Microsoft. It was about 200k in size. Symantec could not quarantine it
and I could not delete it because it was running. I found it in
Windows Task Manager under running processes and shut it down. Then I
deleted it. There was only an MS-DOS shortcut to the program in the
recycle bin. Back in the system32 folder was a program called
regscan.exe.new, and I deleted that. After rebooting it was not back
in system32. Anyone know what it was and where it came from?

Richard
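
The checks described in the post above (missing version information, a running process that blocks deletion, a leftover `.new` copy, an autostart entry) can be gathered in one read-only pass before anything is deleted. This PowerShell is an added example, not part of the original thread; the function name `Get-SuspectFileReport` is hypothetical, the default path is the file named in the post, and it assumes a Windows system with PowerShell 5.1 or later.

```powershell
# Added example: read-only triage of a suspicious executable. Nothing is deleted or changed.
# Get-SuspectFileReport is a hypothetical name; the default path is the file named in the post.
function Get-SuspectFileReport {
    param([string]$Path = "$env:SystemRoot\System32\regscan.exe")

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return
    }
    $file = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Processes running from this exact image path (ExecutablePath may be empty without admin rights)
    $procs = Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath -and $_.ExecutablePath -ieq $file.FullName }

    # Sibling files that share the name, such as regscan.exe.new
    $siblings = Get-ChildItem -LiteralPath $file.DirectoryName -Force -Filter "$($file.Name)*" |
        Where-Object { $_.FullName -ne $file.FullName }

    # Values in the common Run keys that mention the file name (PS* are provider metadata)
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $autoruns = foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$($file.Name)*" } |
                ForEach-Object { "$key -> $($_.Name) = $($_.Value)" }
        }
    }

    [pscustomobject]@{
        Path        = $file.FullName
        SizeBytes   = $file.Length
        Created     = $file.CreationTime
        CompanyName = $file.VersionInfo.CompanyName   # empty for the file described in the post
        FileVersion = $file.VersionInfo.FileVersion
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        RunningPIDs = $procs.ProcessId
        Siblings    = $siblings.Name
        Autoruns    = $autoruns
    }
}

Get-SuspectFileReport | Format-List
```

Recording the SHA256 and the autostart entries before removal keeps something to look up or hand to an AV vendor once the file itself is gone.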
Jim




(Msg. 2) Posted: Thu Aug 24, 2006 1:09 pm
Post subject: Re: Trojan found by Symantec antivirus?
Archived from groups: per prev. post

"Richard F" <richienv DeleteThis @yahoo.com> wrote in message
news:h5gqe2ha52gqhu47i98r7ck8leps2bet68@4ax.com...
> I get a popup window from my Symantec antivirus saying a
> trojan was found in regscan.exe in windows\system32. I looked at the
> program's properties. It was an MS-DOS file with a PIF tab that showed
> commands to start it up autoexec.bat. It did not show a version such as
> Microsoft. It was about 200k in size. Symantec could not quarantine it
> and I could not delete it because it was running. I found it in
> Windows Task Manager under running processes and shut it down. Then I
> deleted it. There was only an MS-DOS shortcut to the program in the
> recycle bin. Back in the system32 folder was a program called
> regscan.exe.new, and I deleted that. After rebooting it was not back
> in system32. Anyone know what it was and where it came from?
>
> Richard
There is no regscan.exe on my system. Yours must have been malware.
It is anybody's guess as to what it was doing, but surely it can't be
benign.
Jim
David H. Lipman




(Msg. 3) Posted: Thu Aug 24, 2006 9:48 pm
Post subject: Re: Trojan found by Symantec antivirus?
Archived from groups: per prev. post

From: "Richard F" <richienv.RemoveThis@yahoo.com>

| I get a popup window from my Symantec antivirus saying a
| trojan was found in regscan.exe in windows\system32. I looked at the
| program's properties. It was an MS-DOS file with a PIF tab that showed
| commands to start it up autoexec.bat. It did not show a version such as
| Microsoft. It was about 200k in size. Symantec could not quarantine it
| and I could not delete it because it was running. I found it in
| Windows Task Manager under running processes and shut it down. Then I
| deleted it. There was only an MS-DOS shortcut to the program in the
| recycle bin. Back in the system32 folder was a program called
| regscan.exe.new, and I deleted that. After rebooting it was not back
| in system32. Anyone know what it was and where it came from?
|
| Richard


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm