Component Services


rn5a

I am working on Win2K Pro. When I open 'Component Services' (by
navigating to Control Panel-->Administrative Tools), the name of the
very first service listed is '01325' (without the quotes). When I
double-click to open its 'Properties' dialog, the 'Path to executable'
is set to the following (note that the IP address is hypothetical):

\\41.22.13.117\Admin$\eraseme_34124.exe

The anti-virus installed in my PC reports that the file
'eraseme_34124.exe' (which resides in C:\WINNT) is actually a trojan.

Now I connect to the Internet using LAN & the IP address used to
connect to the Net is exactly the same as above i.e. 41.22.13.117. Does
this mean that the trojan is making its way through the LAN network
connection?

Also I don't connect to the Net using the ISP's server directly. The
ISP's server connects to another server (which is in the neighbourhood)
& this neighbourhood server, in turn, connects to different computers
in my area using LAN cables. Does this necessarily mean that the
neighbourhood server (which connects to my PC using LAN cables) is also
infected with the above mentioned trojan?

Moreover, how do I delete this service named '01325' from Component
Services?
 
You'll want to install some anti-virus software after using the utilities to
clean the system. Then install:

http://download.microsoft.com/download/E/6/A/E6A04295-D2A8-40D0-A0C5-241BFECD095E/W2KSP4_EN.EXE
http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

Rollup 1 for Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/...CF-8850-4531-B52B-BF28B324C662&displaylang=en


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
 
From: <[email protected]>

| I am working on Win2K Pro. When I open 'Component Services' (by
| navigating to Control Panel-->Administrative Tools), the name of the
| very first service listed is '01325' (without the quotes). When I
| double-click to open its 'Properties' dialog, the 'Path to executable'
| is set to the following (note that the IP address is hypothetical):
|
| \\41.22.13.117\Admin$\eraseme_34124.exe
|
| The anti-virus installed in my PC reports that the file
| 'eraseme_34124.exe' (which resides in C:\WINNT) is actually a trojan.
|
| Now I connect to the Internet using LAN & the IP address used to
| connect to the Net is exactly the same as above i.e. 41.22.13.117. Does
| this mean that the trojan is making its way through the LAN network
| connection?
|
| Also I don't connect to the Net using the ISP's server directly. The
| ISP's server connects to another server (which is in the neighbourhood)
| & this neighbourhood server, in turn, connects to different computers
| in my area using LAN cables. Does this necessarily mean that the
| neighbourhood server (which connects to my PC using LAN cables) is also
| infected with the above mentioned trojan?
|
| Moreover, how do I delete this service named '01325' from Component
| Services?


You have a badly infected computer. Assistance was attempted and you abandoned that thread
and here you are with a new thread.

Please wipe the computer and re-install the OS from scratch !
 
David, I have disinfected my computer completely. So I would just like to
have the answers to my questions.
 
From: <[email protected]>

| David, I have disinfected my computer completely. So I would just like to
| have the answers to my questions.
|

I don't believe you are clean.
 
It's not clean if you get that service shown

You seem to be keener than me on getting my machine cleaned. I will
definitely take care of it, don't you worry anymore please!

My main intention behind this post is primarily to get the answers to
the questions I had asked in post #1 since I need to talk to those
personnel who provide me Net connection. If the answers to the first 2
questions in post #1 are yes, then I would like to bring to their notice
that my m/c is getting infected through their network.

I would be highly obliged if you could please just provide me the answers
to the questions I have put forth in post #1.

I would earnestly request you once again to not delve too much into
whether my m/c is infected or not. Thanks for your concern but, if I
am not mistaken, other than cleaning an infected m/c, I guess it's
equally important to know the source of the infections, isn't it?

Thanks

It's not clean if you get that service shown
 
I'm not meaning to be awkward, or anything else;

I assume by post1 you are referring to this thread.
I would hazard that the infection has wormed its way into the primary
network/server then been propagated throughout the network
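
The check the first post does by hand, written out as an added example that is not part of the thread: it flags services whose 'Path to executable' is a UNC path, marks administrative shares, and notes when the host is the machine's own address. The service list is constructed sample data, and `classify`, `audit` and the `system_root` default are names and assumptions introduced here; it relies on ADMIN$ being the default share of the Windows directory.

```python
import re

# Constructed sample of (service name, path to executable) pairs; the first
# entry is the one quoted in the thread, the others are made up for contrast.
SAMPLE_SERVICES = [
    ("01325", r"\\41.22.13.117\Admin$\eraseme_34124.exe"),
    ("Spooler", r"C:\WINNT\system32\spoolsv.exe"),
    ("BackupAgent", r"\\fileserver\tools\agent.exe -run"),
    ("Quoted", r'"\\10.0.0.5\C$\temp\x.exe" /s'),
]

# \\host\share\rest, optionally wrapped in double quotes.
UNC_RE = re.compile(r'^"?\\\\(?P<host>[^\\]+)\\(?P<share>[^\\]+)\\(?P<rest>[^"]*)')
# Default administrative shares: ADMIN$, IPC$ and drive shares such as C$.
ADMIN_SHARE_RE = re.compile(r"^(admin\$|ipc\$|[a-z]\$)$", re.IGNORECASE)

def classify(name, image_path, local_addrs, system_root=r"C:\WINNT"):
    """Return a finding for a service that runs from a UNC path, else None."""
    path = image_path.strip()
    m = UNC_RE.match(path)
    if not m:
        return None
    host, share, rest = m.group("host"), m.group("share"), m.group("rest")
    finding = {
        "service": name, "host": host, "share": share,
        "admin_share": bool(ADMIN_SHARE_RE.match(share)),
        "points_to_self": host.lower() in local_addrs,
        "local_file": None,
    }
    # ADMIN$ shares the Windows directory, so a path through this machine's
    # own ADMIN$ names a file under system_root on the local disk.
    if finding["points_to_self"] and share.lower() == "admin$":
        # Unquoted paths may carry arguments after the first space.
        exe = rest if path.startswith('"') else rest.split(" ")[0]
        finding["local_file"] = system_root + "\\" + exe
    return finding

def audit(services, local_addrs):
    """Classify every service; keep only those that run from a UNC path."""
    local = {a.lower() for a in local_addrs}
    findings = [classify(n, p, local) for n, p in services]
    return [f for f in findings if f is not None]

if __name__ == "__main__":
    for f in audit(SAMPLE_SERVICES, ["41.22.13.117", "127.0.0.1"]):
        print(f)
```

For the service in the first post this reports `local_file` as `C:\WINNT\eraseme_34124.exe`, which matches where the anti-virus found the file.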
 