regsvc.exe trojan

Help-Me

Should this load up when Windows starts: C:\WINDOWS\regsvc.exe?

I don't know if it is Backdoor.IRC.Cloner or W32.HLLW.Gaobot.EE

I clicked a link in a Yahoo chat room and did something you should not do.
(I downloaded a zip file)
I opened it up & then my Microsoft AntiSpyware had a popup box that asked me if
I wanted to block this (I clicked yes).
Then it popped up a box over and over, so I unblocked it. Now I cannot delete
it. I deleted everything in the zip download,
but the regsvc.exe will not go away. I know it is a trojan, but all my virus
scanners will not pick it up (F-Prot Antivirus and avast! Antivirus); all my
updates are up to date.
 
Did you try to open "msconfig" and on the "startup" tab turn off the
regsvc.exe?
Or, if you feel comfortable poking around registry, fire up "regedit"
and open this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and see if it is listed in there. If it is, delete it.
After reboot, if it doesn't start again, try to do a search for the
file and delete it from the hard disk.
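
An added example (not part of the original reply): the Run-key check described above, done offline against the text of a `reg export` dump rather than in regedit. It goes beyond the single HKCU key named in the reply by also matching the HKLM and RunOnce sibling keys (an assumption), and the sample export is constructed.

```python
import re

# Autostart keys to inspect. The reply names only the HKCU Run key; matching
# by suffix also covers the HKLM and RunOnce siblings (an added assumption).
AUTOSTART_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Constructed sample export; none of these entries come from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Service"="\"C:\\WINDOWS\\regsvc.exe\" -start"
"Updater"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,72,00,\
  65,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00
"Other"="C:\\Tools\\myregsvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayIcon"="C:\\WINDOWS\\regsvc.exe"
'''


def _decode_value(raw):
    """Return the string a .reg value encodes, or None for non-string types."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: undo the \\ and \" escaping used inside .reg files.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("hex(2):"):
        # REG_EXPAND_SZ: comma-separated bytes of a UTF-16LE string.
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None


def find_autostart_hits(reg_text, image_name):
    """Return (key, value name, command) for autostart values that launch image_name."""
    # Match the file name as a whole path component, so "myregsvc.exe"
    # does not count as a hit for "regsvc.exe".
    wanted = re.compile(
        r'(?:^|[\\/"\s])' + re.escape(image_name) + r'(?:$|["\s])', re.IGNORECASE
    )
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None or not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue
        command = _decode_value(m.group(2))
        if command and wanted.search(command):
            name = "(Default)" if m.group(1) == "@" else _decode_value(m.group(1))
            hits.append((key, name, command))
    return hits


if __name__ == "__main__":
    for key, name, command in find_autostart_hits(SAMPLE_EXPORT, "regsvc.exe"):
        print(f"{key}\n    {name} -> {command}")
```

A real `reg export` file is normally UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text in.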
 
It is not in my msconfig. Hmm, that can't be good.
I hate playing around with the registry, but sometimes you've got to.
Thanks for the help; I'll see what I can do.
 
Please try the following.


1) Download the following three items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt375.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shut down as many applications as possible
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html





| Should this load up when Windows starts: C:\WINDOWS\regsvc.exe?
|
| I don't know if it is Backdoor.IRC.Cloner or W32.HLLW.Gaobot.EE
|
| I clicked a link in a Yahoo chat room and did something you should not do.
| (I downloaded a zip file)
| I opened it up & then my Microsoft AntiSpyware had a popup box that asked me if
| I wanted to block this (I clicked yes).
| Then it popped up a box over and over, so I unblocked it. Now I cannot delete
| it. I deleted everything in the zip download,
| but the regsvc.exe will not go away. I know it is a trojan, but all my virus
| scanners will not pick it up (F-Prot Antivirus and avast! Antivirus); all my
| updates are up to date.
|
|
 
Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 1)

Start time : Thu Jan 27 2005 15:02:10

Load Damage Cleanup Template (DCT) "C:\New Folder\tsc.ptn" (version 495)
[success]

Complete time : Thu Jan 27 2005 15:05:18
Execute pattern count(1795), Virus found count(0), Virus clean count(0),
Clean failed count(0)

2005-01-27, 16:00:38, Running scanner "C:\New Folder\VSCANTM.BIN"...
2005-01-27, 16:26:17, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/27/2005 16:00:39
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 375 (87399 Patterns) (2005/01/26) (237500)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\New Folder

30333 files have been read.
30333 files have been checked.
23463 files have been scanned.
30572 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/27/2005 16:26:16
---------*---------*---------*---------*---------*---------*---------*------
---*
2005-01-27, 16:26:17, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/27/2005 16:00:39
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 375 (87399 Patterns) (2005/01/26) (237500)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\New Folder

30333 files have been read.
30333 files have been checked.
23463 files have been scanned.
30572 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/27/2005 16:26:16 25 minutes 32 seconds (1532.88 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*------
---*
2005-01-27, 16:26:17, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/27/2005 16:00:39
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 375 (87399 Patterns) (2005/01/26) (237500)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\New Folder

30333 files have been read.
30333 files have been checked.
23463 files have been scanned.
30572 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/27/2005 16:26:16 25 minutes 32 seconds (1532.88 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*------
---*
2005-01-27, 16:26:17, Scanner "C:\New Folder\VSCANTM.BIN" has finished
running.
2005-01-27, 19:06:46, Running scanner "C:\New Folder\VSCANTM.BIN"...
2005-01-27, 19:10:44, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/27/2005 19:06:47
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 375 (87399 Patterns) (2005/01/26) (237500)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\New Folder

24 files have been read.
24 files have been checked.
23 files have been scanned.
40 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/27/2005 19:10:44
---------*---------*---------*---------*---------*---------*---------*------
---*
2005-01-27, 19:10:44, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/27/2005 19:06:47
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 375 (87399 Patterns) (2005/01/26) (237500)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\New Folder

24 files have been read.
24 files have been checked.
23 files have been scanned.
40 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/27/2005 19:10:44 3 minutes 52 seconds (232.08 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*------
---*
2005-01-27, 19:10:44, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/27/2005 19:06:47
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 375 (87399 Patterns) (2005/01/26) (237500)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\New Folder

24 files have been read.
24 files have been checked.
23 files have been scanned.
40 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/27/2005 19:10:44 3 minutes 52 seconds (232.08 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*------
---*
2005-01-27, 19:10:44, Scanner "C:\New Folder\VSCANTM.BIN" has finished
running.
 
That report is clean.

Try one or several of the below online scanners...

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html


--
Dave
http://www.claymania.com/removal-trojan-adware.html





|
| Damage Cleanup Engine (DCE) 3.9(Build 1020)
| Windows XP(Build 2600: Service Pack 1)
|
| Start time : Thu Jan 27 2005 15:02:10
|
| Load Damage Cleanup Template (DCT) "C:\New Folder\tsc.ptn" (version 495)

< snip >
 
Hi-----

Thought that looked familiar, I've seen regsvc.exe before. It is a remote
registry service. Some more info is at www.answersthatwork.com. Click on
task list, then click on the appropriate alphabet letter, and scroll down.
This site has a wealth of info on items that show up in the task manager.
Now, whether someone "used" that, or could use that, to set a trojan on your
computer is way beyond my meager knowledge. See ya------

kerdog
 
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt416.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html




|
| I am also experiencing the same thing right now. regsvc.exe keeps on
| coming back every time I reboot my PC after deleting it. Registry editing
| is disabled. I did a little research and found out that this alleged
| virus hacks your password in Yahoo Messenger. I still have the
| installer virus with me. I kept it for research purposes. Anyone who
| wants to take a look at it? Anyone... pleassseeeee..... help me!!! :((
|
|
| --
| boybalasubas
| ------------------------------------------------------------------------
| boybalasubas's Profile: http://www.iamnotageek.com/member.php?userid=10012
| View this thread: http://www.iamnotageek.com/showthread.php?t=807845
|
 