I found a program task running in Windows XP that is a back_door Trojan called unregmp2.exe.
Yes, you read that right: a .exe file that is a component of Windows Media Player.
This file can cause all sorts of system errors and has even been reported to stop a Windows XP installation.
This program is hidden so deep in the OS that users never even see it running; it is not displayed or reported by any of XP's resource components or utilities. It also cannot be turned off in any of the XP resource management tools!!
What you need to do to see this little Trojan is go to Windows and open up the C:\ drive and set your folder options to show hidden files and folders.
The program "unregmp2.exe" is located in the "inf folder".
unregmp2.exe is a component of the Windows Media Player package; however, it is a very dangerous Back Door Trojan Hole. Other side effects of this Windows file are poor connection traffic flow and outside monitoring of your computer activities by an unauthorized user (hacker). The unregmp2.exe uses so much computer resources that it even slows your operating system down and steals resources that could be better applied to other Valid resources.
If you have already gone to Windows and looked at this little prick program file found in the inf file you now know where it is and you are [looking at one of the most nasty .exe programs Microsoft has ever planted into one of their operating systems.]
You now have a few options at this point to rid yourself of this Trojan.
This is what I have done as a temporary patch of my OS.
I downloaded a program called Hacker Eliminator version 1.2; it is a 30 day trial shareware program. After you install this nice little program it WILL Report "unregmp2.exe" is active in your computer's START-UP....Yep, it starts every time you reboot and runs constantly.
I made a back-up of "unregmp2.exe" to a Floppy disc for safe keeping then deleted the file out of my computer. After I rebooted and went back to the Windows "inf" folder that little Trojan biotch was back.
Using the delete of the file will cause Hacker Eliminator to pop a message window up on the screen that will allow you to Eliminate the process and prevent it from starting with your operating system.
Since "unregmp2.exe" acts as a Trojan it cannot be removed manually as it will renew itself on start-up, but Hacker Eliminator will prevent unregmp2.exe from initializing at Windows start-up.
I am looking into a perm fix to remove this file's links and where it hides elsewhere in the OS so you can manually remove it permanently. I would presume every time you update it will yet again start, so you will need to fully update your P.C at Windows Update then turn this Trojan off with Hacker Eliminator.
My P.C has improved performance and internet connection speeds since I am blocking "unregmp2.exe" from being an active .exe file in my OS.
This program.exe called "unregmp2.exe" is a serious issue in Windows XP and not a thing to be ignored. Anyone who values their computer's resources equalling speed and performance as well as PRIVACY will need to take steps to REMOVE "unregmp2.exe" from their computer's Start-UP folder.
There are more technical ways to get into the computers start-up areas and remove this little biotch but I don't want to have many users treading on thin ice. The above way I have described is the safest way to shut down this Trojan and it will Visually show you what you are doing and you will learn about this problem first hand.
This file is so nasty as I say you can use a Registry search and the damn thing shows as a...
FriendlyTypeName REG_SZ @C:\WINDOWS\inf\unregmp2.exe,-9903
It most definitely is not a Friendly file.
I have as yet hesitated to remove it from the registry as I am watching the OS for side effects of disabling "unregmp2.exe" by locking it out with Hacker Eliminator version 1.2.
If no undue problems occur by handcuffing this Trojan I will in a few days remove it from the Registry and from the Windows inf folder and rid myself of this Microsoft exploit!!
After I have permanently removed this Trojan I can then remove the 30 day trial of Hacker Eliminator as I will not need it anymore. However I have found this little program is a handy tool and might purchase it outright.
<A HREF="http://img119.exs.cx/img119/4592/Lag_Bot_Trojan.jpg" target="_new">http://img119.exs.cx/img119/4592/Lag_Bot_Trojan.jpg</A>
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
you found this or you got the quote somewhere else?
i don't use media-player, nor do i ever want to, so i don't mind removing it, however after searching the net i found no reason to worry much about this file.
what exactly is it doing?
Alltaken
<A HREF="http://www.mudpuddle.co.nz" target="_new">http://www.mudpuddle.co.nz</A> its where its all going on, oh and its also all going on HERE <A HREF="http://doug.mudpuddle.co.nz/gallery/" target="_new">http://doug.mudpuddle.co.nz/gallery/</A>
It's SoD. Best just to not read his posts.
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
It has nothing to do with if you use Media Player or not the bloody unregmp2.exe runs in every XP computer. It is installed from the first day you load XP or Pro.
You say you see no reason to remove it......that is as they say your call.
As for what it is doing, it is a Trojan in the most pure form of what a Trojan is: a program running hidden in your operating system that steals resources and allows third party unsolicited connections directly into your operating system.
Trojans are not a virus your antivirus even good ones seldom find a Trojan because a Trojan IS a program valid or otherwise.
Nothing will happen to your Windows Media Player if you remove unregmp2.exe from your computer's registry and the inf file it hides in Windows.
The only thing that WILL HAPPEN is you removed a back-door Trojan program and improved your computer's performance and security.
P.S you guys really need to read the posts and not peruse them you miss important details and ask silly questions after you fail to read the full posts. Not all of you just some of you.
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
who wants to read your posts?
Name one person.
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
not me.
"Never underestimate the predictability of Stupidity."
<A HREF="http://www.cameronwilliamson.com" target="_new">-={Neurotic Narcissist.}=-</A>
<font color=green>{FLM}</font color=green>
Ned it's not my fault you were born Mentally Retarded, your own handicaps are in fact your own problem.
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
Ok.
Sorry if my eyes can't see light which hasn't reached them yet...etc
It's all my fault, my Computing Science degree is just a cover up, honest.
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
lmao.
"Never underestimate the predictability of Stupidity."
<A HREF="http://www.cameronwilliamson.com" target="_new">-={Neurotic Narcissist.}=-</A>
<font color=green>{FLM}</font color=green>
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
Your computer science degree is much less than mine son and you don't have 20 years exp either.
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
I'm not 20yrs old, so it's not possible for me to have 20yrs experience.
Do I give the slightest fúck whether my degree is better than yours? You sound like a child, hell you don't even specify what your God-like qualifications are.
I don't think you're taken seriously on this forum any more - just leave
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
I think you have an authority problem son or perhaps a Father figure problem.
Is that what your problem is you are both computer illiterate and you don't have a father.
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
family jabs. Great.
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
he's swinging
but he's missing...
"Never underestimate the predictability of Stupidity."
<A HREF="http://www.cameronwilliamson.com" target="_new">-={Neurotic Narcissist.}=-</A>
<font color=green>{FLM}</font color=green>
You know it man!
How can you hold up any kind of conversation with someone like that?
Is it possible that he is trying to diagnose a problem which I don't have, because, in fact, he is the one with the 'father figure' problem but does not want to admit it? - transference
Who knows, the chances for you getting an intelligent answer out of SoD are very slim.
And why does he keep referring to me as 'son'?
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
you can't man.
it's difficult.
"Never underestimate the predictability of Stupidity."
<A HREF="http://www.cameronwilliamson.com" target="_new">-={Neurotic Narcissist.}=-</A>
<font color=green>{FLM}</font color=green>
Evidently I was correct
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
evidently you're an idiot...
"Never underestimate the predictability of Stupidity."
<A HREF="http://www.cameronwilliamson.com" target="_new">-={Neurotic Narcissist.}=-</A>
<font color=green>{FLM}</font color=green>
NED, I AMMMM YOURRRR FATHER!!!!!!
oops! Sorry Ned, I had a Star Wars flashback!
Nnnooooooooooooooooooo!!!!!!!!!!!
<font color=red><pre>\\//__________________________________
And the sign says "You got to have a membership card to get inside" Huh
So I got me a pen and paper And I made up my own little sign</pre><p></font color=red>
What evidence shows that you were correct?
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
| Quote : Trojans are not a virus your antivirus even good ones seldom find a Trojan |
Yes they do, click here http://securityresponse.symantec.com/avcenter/venc/auto/index/indexT.html if you scroll down you can see loads of trojan programs that norton antivirus detects. There are 25 other pages like this.
| Quote : Trojan IS a program valid or otherwise. |
What do you think the majority of viri are?
| Quote : It is installed from the first day you load XP or Pro. |
Why would Microsoft include a program that allows people to gain illegal access to your computer with their operating system? Windows has enough security issues without Microsoft making more.
I seem to recall you starting a thread named "Why does everyone h8 SoD so much" do you understand now?
Damn, you guys are ruthless...
<font color=red><pre>\\//__________________________________
And the sign says "You got to have a membership card to get inside" Huh
So I got me a pen and paper And I made up my own little sign</pre><p></font color=red>
I understand only too well
Note his lack of a reply when I ask specific questions?
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
<A HREF="http://" target="_new">http://www.pestpatrol.com/PestInfo/u/unregmp2_exe.asp#Origins</A>
<A HREF="http://www.tv-ark.org.uk/commercials/commercials_s-z/unigate1970sa.rm" target="_new">Watch out, there's a Humphrey about.</A>
Bad link tom ...
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
<A HREF="http://www.pestpatrol.com/pestinfo/u/unregmp2_exe.asp" target="_new">Sorry</A>
<A HREF="http://www.tv-ark.org.uk/commercials/commercials_s-z/unigate1970sa.rm" target="_new">Watch out, there's a Humphrey about.</A>
| Quote : It has nothing to do with if you use Media Player or not the bloody unregmp2.exe runs in every XP computer. It is installed from the first day you load XP or Pro. |
well actually after your original post.
i decided to do some research, and found that unregmp2.exe is a windows media related file which is distributed with WMP. and found on Win98 computers also (who run WMP)
it is supposedly a configuration program for WMP.
i found a few sites that said it was a trojan, but none ever stated, "how it was found to be a trojan" nor "what it does", they didn't even offer proof as to their claims of it being a trojan.
neither have you.
you ever heard of e-mails telling people to delete certain files on their computers? the e-mails which end up making people [-peep-] things up, because they don't know what they are doing?
well this is the reason i want some solid evidence, rather than "i think its a trojan, therefore you should remove it"
but as i said i DON'T use WMP so if this file is only a WMP related thing (claimed to be by MS) then i would delete it at the same time i would try to delete any WMP things.
Alltaken
<A HREF="http://www.mudpuddle.co.nz" target="_new">http://www.mudpuddle.co.nz</A> its where its all going on, oh and its also all going on HERE <A HREF="http://doug.mudpuddle.co.nz/gallery/" target="_new">http://doug.mudpuddle.co.nz/gallery/</A>
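The evidence asked for in the post above can be gathered from the file itself. The following is an added example, not part of the original thread: a PowerShell function (the name Get-BinaryTriage is hypothetical, and PowerShell 5.1 or later is assumed) that reports a binary's signature status, hash, self-declared version strings, Run-key references and running instances. The default path is the one quoted in the registry value earlier in the thread.

```powershell
# Added example (not from the thread): collect evidence about a suspect binary.
param(
    # Path taken from the registry value quoted in the first post; adjust as needed.
    [string]$Path = 'C:\WINDOWS\inf\unregmp2.exe'
)

function Get-BinaryTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $file = Get-Item -LiteralPath $Path -Force      # -Force also returns hidden files
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Autostart check: does any Run/RunOnce value mention this file name?
    $pattern  = '*' + [WildcardPattern]::Escape($file.Name) + '*'
    $metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $autostart = foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $metadata) { continue }  # provider bookkeeping, not values
            if ("$($p.Value)" -like $pattern) {
                [pscustomobject]@{ Key = $key; ValueName = $p.Name; Command = $p.Value }
            }
        }
    }

    # Is a process with this image name running right now, and from which path?
    $procs = Get-Process -Name $file.BaseName -ErrorAction SilentlyContinue |
        Select-Object Id, Path, StartTime

    [pscustomobject]@{
        Path            = $file.FullName
        Attributes      = $file.Attributes
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject # empty when unsigned
        # Version strings are written by whoever built the file; they are a
        # claim to compare against the signature, not proof of origin.
        CompanyName     = $file.VersionInfo.CompanyName
        OriginalName    = $file.VersionInfo.OriginalFilename
        FileVersion     = $file.VersionInfo.FileVersion
        AutostartRefs   = @($autostart)
        RunningProcs    = @($procs)
    }
}

Get-BinaryTriage -Path $Path | Format-List
```

A signature that validates, no Run-key reference and no running process are each checkable facts; the hash can be compared against a copy from known-good installation media.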
I can't find any site that says its a trojan, I think it is just a program that can be exploited to gain access to a PC. There is nothing malicious about it.
SoD, I have said it before and I will say it again, u are an idiot.
You are correct alltaken, I also said in all my posts that unregmp2.exe is part of the Windows Media player that was never in question.
What I did state is that PROGRAM_TROJAN runs behind the scenes in XP and all the configuration utilities in XP do not report that Program even exists.
Many would call any active program that does not report that it is active to any of the system utilities as Trojan.
In any event I stated that if you want better security and better performance out of your computer to delete the registry key then the unregmp2.exe from the Windows inf file.
If you're an online gamer removing that program is a must. Many players are now having sound issues in HL2 "sound skipping" and Steam just released a Cache File patch that you run at their website to fix this problem.
I never had the problem but ran the patch anyways. I never had the problem because I removed an Audio_Video related TROJAN called unregmp2.exe from my computer days before I installed Half Life2.
As I already said it is entirely up to you guys to decide what is best for you about their unregmp2.exe file; for me it was a no brainer, it was backed up to a floppy, both the Program and the Registry key, and then Most certainly Erased out of existence from my OS.
FYI my friend in Texas still runs Win98 SE and he extensively searched for that file in both his registry and his files and it does not show so if Win98 users are reporting problems with that file "unregmp2.exe" then there is more to it than a harmless file. Right ? Right!!
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
| Quote : I think it is just a program that can be exploited to gain access to a PC. There is nothing malicious about it. |
And he's calling me an idiot lol..........
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
Please do point me to a site that describes this program as a trojan...any site at all. Because all the sites I have found call it an exploit, would you like links:
<A HREF="http://www.pestpatrol.com/PestInfo/u/unregmp2_exe.asp" target="_new">http://www.pestpatrol.com/PestInfo/u/unregmp2_exe.asp</A>
http://www.scanspyware.net/info/Unregmp2.exe.htm
Would you like quotes from these sites:
| Quote : Unregmp2.exe is an Exploit, which is a way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it.
|
| Quote :
|
NOWHERE DOES IT SAY ANYTHING ABOUT THIS PROGRAM BEING A TROJAN. Why the hell would Microsoft include a trojan horse with media player? "Here you go hackers, if it wasn't already easy enough to hack into windows systems we have included a trojan horse program just for you".
Jammy TROJANS are programs and unregmp2.exe is a program.
<A HREF="http://img97.exs.cx/img97/2193/unregmp2_exe_pic1.jpg" target="_new">http://img97.exs.cx/img97/2193/unregmp2_exe_pic1.jpg</A>
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
SoD, Word can be used to gain illegal access to your computer by using a buffer overflow attack. This does not make it a trojan! It simply means it has a vulnerability.
Windows also runs a basic FTP client that can be used to transfer files to your computer, this is also not a trojan. It also runs another FTP client called TFTP, this is also not a trojan. By your logic everything is a [-peep-] trojan! Numb nuts.
I don't know why you goof balls are picking the post apart; simply remove unregmp2.exe for your own protection or stick a sock in it, makes no matter to me now does it.
If you can't accept that you were told valuable information then accept the fact that you did not make the post because you did not know anything about it and get on with your life.
As I said I removed it from the registry and the inf file already. It's an Exploit, it is a Program and it is therefore a Trojan, simple as that. By any definition. You must work for MS the way you are trying to sidetrack the vulnerability found.
Makes people wonder.........
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
Why would Microsoft ship trojans in their software?
I'm sure that file has some use, and deleting it would cause some unwanted side effects...since u've already deleted it I'm praying the side effects are one of the following:
1. Blocking http://community.tomshardware.com from any PC you ever use
2. Stops you inputting any username / password at http://community.tomshardware.com
3. Causes your PSU to explode while you are using your PC, 'unfortunately' the resulting explosion blinds you.
Any of the above would make me very happy
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
Ned Wrote
| Quote : Any of the above would make me very happy |
Children generally spend time out's in their room.
Microsoft sell software with Trojans in it..........Wow he finally woke the He Double Hockey Sticks Up.
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
Well you've got my attention, I've always wondered if Microsoft had some backdoors in their operating systems, XP itself has quite a few programs running in the background anyway, that keeps a software firewall pretty busy.
It's kinda funny that even when you intentionally try to help people here, you get the usual bashing ceremony, I don't believe for a minute that you're trying to get people to harm their systems like email pranksters do.
Have you found out exactly what this file does?
And why Microsoft would put the file there in the first place?
If it's using resources what's it actually doing?
This is not a trick post on my part, I know we've had some past problems between us, but I'm sincerely asking these questions.
I'm 4ryan6 and I approved this message!
Haha, this thread made me laugh.
Yes this file does pose a security risk, but it is NOT a trojan as SoD insists, it is simply another piece of poor Microsoft programming which can be exploited to gain access to the machine. The program itself is not acting maliciously. Still worth getting rid of though.
Fatal Error #449: Unable to process the "Go to Hell" command specified.
Thank you Playbus, finally some one else realises that SoD is chatting crap.
A Trojan horse is a program that is made to deliberately compromise a system.
i'm still curious what it actually does.
i mean if it's been put there it must be doing something.
Alltaken
<A HREF="http://www.mudpuddle.co.nz" target="_new">http://www.mudpuddle.co.nz</A> its where its all going on, oh and its also all going on HERE <A HREF="http://doug.mudpuddle.co.nz/gallery/" target="_new">http://doug.mudpuddle.co.nz/gallery/</A>
| Quote : Children generally spend time out's in their room |
Adults generally aren't complete losers, who spend their time posting crap in a forum where nobody likes them - You're definitely a mould breaker SoD.
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
| Quote : i'm still curious what it actually does.
|
I've already hypothesised that it allows you to access
http://community.tomshardware.com, and input a Username / Password on aforementioned site. Also this program stops your PSU from exploding
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
| Quote : where nobody likes them |
You're absolutely right Ned you are a nobody and don't ever forget your place.
<font color=red>GOD</font color=red> <font color=orange>LOVES</font color=orange> <font color=red>CANADA</font color=red>
Read the full sentence moron. Don't bother to reply.
_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
