Gale said:
Found the following line in the registry "C:\winnt\system32
\hiddenrun.exe WinSrv.exe" under the run statement. Is
the winsrv.exe a valid microsoft file required for WIN
2000? Any comments
This is a Trojan of some type. I am currently investigating and have
sent samples to SARC for testing.
You should be able to delete the line in the registry and there is
probably a second one "C:\winnt\system32> \hiddenrun.exe NTSrv.exe."
You will also find a service for ServU FTP service that needs to be
stopped and removed from the registry. I don't know what other
problems this thing causes. But in one of my client networks, Windows
9x machines were prevented from logging on to the network.
AL