Registry monitor detects repetitive useless softmodem (agere) activity


vincemoon

I downloaded the latest version of registry monitor 'regmon' yesterday.

I researched the net regarding constant repetitive registry activity
detected by regmon on my XP computer (see log excerpt below).

The constant repetitive registry activity alarmed me, though my
computer is functioning well. Does not seem like it would be good for a
computer to carry on in such fashion.

On the web, I found some sites that consider the activity noted in my
registry monitoring log normal but more that consider it to be
indicative of the presence of a virus.

I could not find much on the net; the most relevant page was at:

http://groups-beta.google.com/group...ack+to+Search&scrollSave=&&d#1700b39c735a2c8a


One of the guys in the above post sent this woman, who like me was
disturbed by thousands of repetitive calls to a modem (unlike me, her
computer was all screwed up), to the following link that does not work:

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

This bug-bear is related to the netsky that Norton firewall/antivirus
supposedly "quarantined" on my computer.

On the net I found indications that the problem might be: due to a
virus that has penetrated the system restore area or some area of the
registry that the antivirus programs cannot usually reach; or due to
some virus infecting startup. Norton anti-virus did not find any
viruses on my computer.


NORTON REPORTS RE NETSKY VIRUS EMAIL IN MY COMPUTER
virus email
Sender: Mail Delivery Subsystem <[email protected]>
Recipient: ---------
Subject: Returned mail: User unknown
The email attachment Unknown000008A4.data is infected with the W32.Netsky.P@mm!enc virus.
The file C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CC33A.tmp is infected with the W32.Netsky.P@mm!enc virus.
The email attachment Unknown0000077F.data is infected with the W32.Netsky.P@mm!enc virus.
Sender: (e-mail address removed)
Recipient: --------
Subject: Delivery Status Notification (Delay)
The email attachment Unknown0000077F.data is infected with the W32.Netsky.P@mm!enc virus.

REGISTRY MONITOR LOG EXCERPT

62 11.04561669 hphmon06.exe:2408 CloseKey
HKLM\Software\Microsoft\Advanced INF Setup SUCCESS
2963 11.05237146 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x103
2964 11.05238124 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\MsgStopRequest NOTFOUND
2965 11.05239185 AGRSMMSG.exe:2756 CloseKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS
2966 11.05241085 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x101
2967 11.05242231 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\ActiveModems SUCCESS 00 00 00 00
2968 11.05243627 AGRSMMSG.exe:2756 CloseKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS
2969 11.16171776 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x103
2970 11.16173117 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\MsgStopRequest NOTFOUND
2971 11.16174905 AGRSMMSG.exe:2756 CloseKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS
2972 11.16176581 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x101
2973 11.16177699 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\ActiveModems SUCCESS 00 00 00 00
2974 11.16178593 AGRSMMSG.exe:2756 CloseKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS
2975 11.27406556 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x103
2976 11.27407925 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\MsgStopRequest NOTFOUND
2977 11.27426530 AGRSMMSG.exe:2756 CloseKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS
2978 11.27428598 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x101
2979 11.27429743 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\ActiveModems SUCCESS 00 00 00 00
2980 11.27430693 AGRSMMSG.exe:2756 CloseKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS
2981 11.38409099 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x103
2982 11.38410608 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\MsgStopRequest NOTFOUND
2983 11.38412564 AGRSMMSG.exe:2756 CloseKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS
2984 11.38450501 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x101
David Virgil Hobbs
http://www.angelfire.com/ma/vincemoon
 

Kelly

Regmon is an excellent tool. However, it reads in the fashion of the
mindset. Use the filter wisely and understand what you are asking of the
tool.

--
All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
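
An added example, not part of either post above and not Regmon's own code: one way to turn a saved Regmon log like the excerpt in the question into a per-process summary (operation counts, how often each queried value repeats, and any operation other than the three seen in the excerpt). The function names parse and summarize are hypothetical, the sample records are constructed in the excerpt's layout, and treating the first all-caps token after the key path as the result code is an assumption.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Constructed sample in the layout of the excerpt above: each Regmon record is
# wrapped onto two lines (sequence, time, process:pid, operation / key path, result).
SAMPLE = r"""
2963 11.05237146 AGRSMMSG.exe:2756 OpenKey
HKLM\SOFTWARE\Agere\SoftModem SUCCESS Access: 0x103
2964 11.05238124 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\MsgStopRequest NOTFOUND
2967 11.05242231 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\ActiveModems SUCCESS 00 00 00 00
2970 11.16173117 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\MsgStopRequest NOTFOUND
2976 11.27407925 AGRSMMSG.exe:2756 QueryValue
HKLM\SOFTWARE\Agere\SoftModem\MsgStopRequest NOTFOUND
"""
START = re.compile(r"^\d+\s+\d+\.\d+\s")  # a new record begins with "seq time"
# Assumption: the result code is the first all-caps token after the key path.
REC = re.compile(r"^\d+\s+(\d+\.\d+)\s+(\S+):(\d+)\s+(\w+)\s+(.+?)\s+([A-Z]{4,})\b")
READ_ONLY = {"OpenKey", "QueryValue", "CloseKey"}  # the operations seen in the excerpt

def parse(text):
    joined = []  # re-join records that were wrapped onto two lines
    for line in map(str.strip, text.splitlines()):
        if START.match(line):
            joined.append(line)
        elif line and joined:
            joined[-1] += " " + line
    rows = []
    for m in filter(None, map(REC.match, joined)):
        t, proc, pid, op, path, result = m.groups()
        rows.append((float(t), proc, int(pid), op, path, result))
    return rows

def summarize(rows):
    ops, times = defaultdict(Counter), defaultdict(list)
    for t, proc, pid, op, path, _ in rows:
        ops[(proc, pid)][op] += 1
        if op == "QueryValue":
            times[(proc, pid, path)].append(t)
    # Median gap between repeats of the same query = the polling interval in seconds.
    period = {k: round(median(b - a for a, b in zip(ts, ts[1:])), 3)
              for k, ts in times.items() if len(ts) > 1}
    unusual = {k: set(c) - READ_ONLY for k, c in ops.items()}  # ops worth a closer look
    return ops, period, unusual

if __name__ == "__main__":
    print(*summarize(parse(SAMPLE)), sep="\n")
```

On the sample this reports a single process issuing only the three read operations, with the MsgStopRequest query repeating roughly every 0.11 seconds.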
 