servicepack2.exe - trojan?

C

Carol Chisholm

I've a laptop with a mysterious servicepack2.exe service which I
cannot get rid of.
It's not signed by anyone, and sits in the system32 directory.
It re-installs on every reboot, when the computer is connected to the
internet.
It may be associated with an unwanted autostarting Internet Explorer
trying to install a Hot-SeXXX toolbar.

I've tried Ad-aware, updated McAfee, run stinger, turned off System
Restore, deleted everything from the run, run once and services keys
in the registry. I've deleted the executable after terminating the
service and still it comes back.
The machine is running XP SP2, and this has survived the SP2 install.
It seems to be able to disables Windows firewall, or install itself as
an exception in Windows Firewall. Zone Alarm seems to get bypassed
somehow.
Any ideas?
 
D

David H. Lipman

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Please go to one or more of the below online scanners and perform a scan of your platform
then report back your results.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender
http://www.bitdefender.com/scan/license.php

Dave




| I've a laptop with a mysterious servicepack2.exe service which I
| cannot get rid of.
| It's not signed by anyone, and sits in the system32 directory.
| It re-installs on every reboot, when the computer is connected to the
| internet.
| It may be associated with an unwanted autostarting Internet Explorer
| trying to install a Hot-SeXXX toolbar.
|
| I've tried Ad-aware, updated McAfee, run stinger, turned off System
| Restore, deleted everything from the run, run once and services keys
| in the registry. I've deleted the executable after terminating the
| service and still it comes back.
| The machine is running XP SP2, and this has survived the SP2 install.
| It seems to be able to disables Windows firewall, or install itself as
| an exception in Windows Firewall. Zone Alarm seems to get bypassed
| somehow.
| Any ideas?
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top