regsvc.exe trojan

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Should this load up when Windows starts: C:\WINDOWS\regsvc.exe?

I don't know if it is Backdoor.IRC.Cloner or W32.HLLW.Gaobot.EE.

I clicked a link in a Yahoo chat room and did something you should not do
(I downloaded a zip file).
I opened it up and then my Microsoft AntiSpyware had a popup box that asked me if
I wanted to block this (I clicked yes).
Then it popped up a box over and over, so I unblocked it. Now I cannot delete
it. I deleted everything in the zip download,
but the regsvc.exe will not go away. I know it is a trojan, but all my virus
scanners (F-Prot Antivirus and avast! Antivirus) will not pick it up. All my
updates are up to date.
 
Guest

Did you try to open "msconfig" and on the "startup" tab turn off the
regsvc.exe?
Or, if you feel comfortable poking around the registry, fire up "regedit"
and open this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and see if it is listed in there. If it is, delete it.
After reboot, if it doesn't start again, try to do a search for the
file and delete it from the hard disk.
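
The reply above names one autostart location, the HKCU Run key. As an added example that is not part of the original thread, this read-only PowerShell script searches that key plus several other standard Windows autostart locations (my selection, not the poster's) for values that mention regsvc.exe, and reports whether the DisableRegistryTools policy is set. It assumes a Windows system with PowerShell 3.0 or later.

```powershell
# Added example: read-only search of autostart locations for a file name.
$needle = 'regsvc.exe'   # file name reported in the thread

# Keys whose values are launched at logon or boot. Only the first one is
# named in the thread; the others are assumed additions for this example.
$valueKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'  # Shell, Userinit
)

$hits = @(foreach ($key in $valueKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }          # key absent or not readable
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -like "*$needle*") {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
})

# Services and drivers start from their ImagePath value, which neither the
# Run keys nor the msconfig "startup" tab show.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$hits += @(Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue |
    ForEach-Object {
        $image = [string]$_.GetValue('ImagePath')
        if ($image -like "*$needle*") {
            [pscustomobject]@{ Key = $_.Name; Name = 'ImagePath'; Data = $image }
        }
    })

# A non-zero DisableRegistryTools value is the policy that blocks regedit.
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $polKey -Name DisableRegistryTools -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRegistryTools) {
    Write-Output "DisableRegistryTools = $($policy.DisableRegistryTools) under $polKey"
}

if ($hits.Count -eq 0) {
    Write-Output "No autostart value references $needle in the locations checked."
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

An empty result covers only the locations listed in the script; it does not show that the file has no other way to start.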
 
Guest

It is not in my msconfig. Hmm, that can't be good.
I hate playing around with the registry, but sometimes you've got to.
Thanks for the help; I'll see what I can do.

"branac" <branislav.karic@gmail.com> wrote in message
news:1106806332.643242.98330@f14g2000cwb.googlegroups.com...
> Did you try to open "msconfig" and on the "startup" tab turn off the
> regsvc.exe?
> Or, if you feel comfortable poking around the registry, fire up "regedit"
> and open this key:
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
> and see if it is listed in there. If it is, delete it.
> After reboot, if it doesn't start again, try to do a search for the
> file and delete it from the hard disk.
>
 
Guest

Please try the following.


1) Download the following three items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt375.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shut down as many applications as possible
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html





"Help-Me" <Blah@blah.net> wrote in message news:%23hD3xHDBFHA.3700@tk2msftngp13.phx.gbl...
| Should this load up when Windows starts: C:\WINDOWS\regsvc.exe?
|
| I don't know if it is Backdoor.IRC.Cloner or W32.HLLW.Gaobot.EE.
|
| I clicked a link in a Yahoo chat room and did something you should not do
| (I downloaded a zip file).
| I opened it up and then my Microsoft AntiSpyware had a popup box that asked me if
| I wanted to block this (I clicked yes).
| Then it popped up a box over and over, so I unblocked it. Now I cannot delete
| it. I deleted everything in the zip download,
| but the regsvc.exe will not go away. I know it is a trojan, but all my virus
| scanners (F-Prot Antivirus and avast! Antivirus) will not pick it up. All my
| updates are up to date.
|
|
 
Guest

That report is clean.

Try one or several of the below online scanners...

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html


--
Dave
http://www.claymania.com/removal-trojan-adware.html





"Help-Me" <Blah@blah.net> wrote in message news:%23X4Dp$MBFHA.3592@TK2MSFTNGP11.phx.gbl...
|
| Damage Cleanup Engine (DCE) 3.9(Build 1020)
| Windows XP(Build 2600: Service Pack 1)
|
| Start time : Thu Jan 27 2005 15:02:10
|
| Load Damage Cleanup Template (DCT) "C:\New Folder\tsc.ptn" (version 495)

< snip >
 
Guest

Hi-----

Thought that looked familiar, I've seen regsvc.exe before. It is a remote
registry service. Some more info is at www.answersthatwork.com. Click on
task list, then click on the appropriate alphabet letter, and scroll down.
This site has a wealth of info on items that show up in the task manager.
Now, whether someone "used" that, or could use that, to set a trojan on your
computer is way beyond my meager knowledge. See ya------

kerdog

"Help-Me" wrote:

> Should this load up when Windows starts: C:\WINDOWS\regsvc.exe?
>
> I don't know if it is Backdoor.IRC.Cloner or W32.HLLW.Gaobot.EE.
>
> I clicked a link in a Yahoo chat room and did something you should not do
> (I downloaded a zip file).
> I opened it up and then my Microsoft AntiSpyware had a popup box that asked me if
> I wanted to block this (I clicked yes).
> Then it popped up a box over and over, so I unblocked it. Now I cannot delete
> it. I deleted everything in the zip download,
> but the regsvc.exe will not go away. I know it is a trojan, but all my virus
> scanners (F-Prot Antivirus and avast! Antivirus) will not pick it up. All my
> updates are up to date.
>
>
>
 
Guest

I am also experiencing the same thing right now. regsvc.exe keeps on
coming back every time I reboot my PC after deleting it. Registry editing
is disabled. I did a little research and found out that this alleged
virus hacks your password in Yahoo Messenger. I still have the
installer virus with me. I kept it for research purposes. Anyone who
wants to take a look at it? Anyone... pleassseeeee..... help me!!! :((


--
boybalasubas
------------------------------------------------------------------------
boybalasubas's Profile: http://www.iamnotageek.com/member.php?userid=10012
View this thread: http://www.iamnotageek.com/showthread.php?t=807845
 
Guest

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt416.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html




"boybalasubas" <boybalasubas.1kl7eq@no-mx.forums.iamnotageek.com> wrote in message
news:boybalasubas.1kl7eq@no-mx.forums.iamnotageek.com...
|
| I am also experiencing the same thing right now. regsvc.exe keeps on
| coming back every time I reboot my PC after deleting it. Registry editing
| is disabled. I did a little research and found out that this alleged
| virus hacks your password in Yahoo Messenger. I still have the
| installer virus with me. I kept it for research purposes. Anyone who
| wants to take a look at it? Anyone... pleassseeeee..... help me!!! :((
|
|
| --
| boybalasubas
| ------------------------------------------------------------------------
| boybalasubas's Profile: http://www.iamnotageek.com/member.php?userid=10012
| View this thread: http://www.iamnotageek.com/showthread.php?t=807845
|
 
Guest

I already fixed my PC virus problem. I downloaded the trial version of
McAfee VirusScan 9.0. It did the job which Norton AntiVirus 2005 and
Trend Micro's HouseCall didn't. The trojan's name is "Generic PWS.b".
It is used by hackers to steal passwords. One thing is for sure! I am
switching to McAfee! Damn Symantec!


--
boybalasubas