servicepack2.exe - trojan?

C

Carol Chisholm

I've a laptop with a mysterious servicepack2.exe service which I
cannot get rid of.
It's not signed by anyone, and sits in the system32 directory.
It re-installs on every reboot, when the computer is connected to the
internet.
It may be associated with an unwanted autostarting Internet Explorer
trying to install a Hot-SeXXX toolbar.

I've tried Ad-aware, updated McAfee, run stinger, turned off System
Restore, deleted everything from the run, run once and services keys
in the registry. I've deleted the executable after terminating the
service and still it comes back.
The machine is running XP SP2, and this has survived the SP2 install.
It seems to be able to disables Windows firewall, or install itself as
an exception in Windows Firewall. Zone Alarm seems to get bypassed
somehow.
Any ideas?
 
D

David H. Lipman

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Please go to one or more of the below online scanners and perform a scan of your platform
then report back your results.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender
http://www.bitdefender.com/scan/license.php

Dave




| I've a laptop with a mysterious servicepack2.exe service which I
| cannot get rid of.
| It's not signed by anyone, and sits in the system32 directory.
| It re-installs on every reboot, when the computer is connected to the
| internet.
| It may be associated with an unwanted autostarting Internet Explorer
| trying to install a Hot-SeXXX toolbar.
|
| I've tried Ad-aware, updated McAfee, run stinger, turned off System
| Restore, deleted everything from the run, run once and services keys
| in the registry. I've deleted the executable after terminating the
| service and still it comes back.
| The machine is running XP SP2, and this has survived the SP2 install.
| It seems to be able to disables Windows firewall, or install itself as
| an exception in Windows Firewall. Zone Alarm seems to get bypassed
| somehow.
| Any ideas?
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Hidden virus or trojan 2
Winlogon.exe and Rundll32.exe infected? 1
should I allow svchost.exe to access the internet? 1
Programmatically Configuring the Windows XP Firewall 1
Trojan and/or adware on my system which i can't remove 11
tskmgr32.exe trojan horse 2
Concealed Trojan? 2
Trojan 10

Top