winlogon.exe recreates regsvc.exe

PeaceHere

My home computer has regsvc.exe started automatically. Since it's for
remote access of the registry, I'm worried. I renamed this file in
the winnt\system32 directory, and was surprised to find it was back to
the directory right away.

I used filemon.exe to find out what happened. It looks like
winlogon.exe automatically re-creates this file whenever it's missing.


This looks like a behavior of a virus of some sort. I ran Norton
AntiVirus, which didn't report anything. What can I do?

Thank you so much for answering,

Emma
 
David H. Lipman

From: <[email protected]>

| My home computer has regsvc.exe started automatically. Since it's for
| remote access of the registry, I'm worried. I renamed this file in
| the winnt\system32 directory, and was surprised to find it was back to
| the directory right away.
|
| I used filemon.exe to find out what happened. It looks like
| winlogon.exe automatically re-creates this file whenever it's missing.
|
| This looks like a behavior of a virus of some sort. I ran Norton
| AntiVirus, which didn't report anything. What can I do?
|
| Thank you so much for answering,
|
| Emma

Both files are normal for Win2K.

If you are worried, please submit a sample of "regsvc.exe" and "winlogon.exe" to
Virus Total -- http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
