msrcsnt.exe

  • Thread starter Thread starter NETCRAMMER
  • Start date Start date
N

NETCRAMMER

Does anyone have a clue what this file is (msrcsnt.exe)? it's found in the
system32 dir
and in the HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
registry key.
Virus? Worm?
I could not find anything on MS site nor on web.

TIA!!!
 
From: "NETCRAMMER" <[email protected]>

| Does anyone have a clue what this file is (msrcsnt.exe)? it's found in the
| system32 dir
| and in the HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
| registry key.
| Virus? Worm?
| I could not find anything on MS site nor on web.
|
| TIA!!!
|

If you think you have malware, there is just ONE nEws Group to post to;
microsoft.public.security.virus
You did not need to Croos-Post to so many News Groups.


Please submit a sample of "msrcsnt.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.
 
Search your computer to find the location, sometimes that will give you an
idea of what program the exe is associated with.
 
It probably is malware or a parasite [spyware/adware/hijack].

You could try submitting it to http://www.virustotal.com/flash/index_en.html
to see what is found. Also check your services [services.msc] to see if any
bogus services have been added using that file. If your antivirus/parasite
detection and removal programs do not detect it you probably can get rid of
it by booting into safe mode to remove the file and registry entries. Tools
such as Process Explorer, TCPView, and Autoruns from SysInternals can help
determine what is going on. Autoruns will allow you to try and stop the
process from starting and TCPView will let you know if it is associated with
a port being used on your computer. --- Steve

http://www.sysinternals.com/utilities/autoruns.html --- Autoruns and link
to SysInternals
 
Back
Top