winsrv.exe

Gale

Found the following line in the registry
"C:\winnt\system32\hiddenrun.exe WinSrv.exe" under the run statement. Is
the winsrv.exe a valid Microsoft file required for WIN
2000? Any comments?
 
Mark V

Gale wrote in
Found the following line in the registry
"C:\winnt\system32\hiddenrun.exe WinSrv.exe" under the run statement. Is
the winsrv.exe a valid Microsoft file required for WIN
2000? Any comments?

Did you Google?
About 44 hits on "winsrv.exe". Possible evidence of Worm! Maybe
Opaserv or other.

It appears that the "winsrv.exe" and "hiddenrun.exe" _may_ also have
legitimate uses.
 
Allen Ladd

Gale said:
Found the following line in the registry
"C:\winnt\system32\hiddenrun.exe WinSrv.exe" under the run statement. Is
the winsrv.exe a valid Microsoft file required for WIN
2000? Any comments?

This is a Trojan of some type. I am currently investigating and have
sent samples to SARC for testing.

You should be able to delete the line in the registry and there is
probably a second one "C:\winnt\system32\hiddenrun.exe NTSrv.exe".
You will also find a service for ServU FTP service that needs to be
stopped and removed from the registry. I don't know what other
problems this thing causes. But in one of my client networks, Windows
9x machines were prevented from logging on to the network.

AL
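
An added example, not part of any post in this thread: a Python sketch that scans a registry export for the Run entries and the Serv-U style service described above. The sample export is constructed, and the service key name and `servudaemon.exe` path in it are assumptions; a match is a lead to review, not a verdict.

```python
import re

# File names taken from the thread; a match is a lead to review, not proof.
SUSPECT_NAMES = ("hiddenrun.exe", "winsrv.exe", "ntsrv.exe")
SERVICE_HINTS = ("serv-u", "servu")  # assumption: how the FTP service is named

# Constructed sample in the REGEDIT4 export format (regedit on Windows 2000).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"WinSrv"="C:\\winnt\\system32\\hiddenrun.exe WinSrv.exe"
"NTSrv"="C:\\winnt\\system32\\hiddenrun.exe NTSrv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serv-U]
"ImagePath"="C:\\winnt\\system32\\servudaemon.exe"
"Start"=dword:00000002
'''

# "name"="data" string values; dword/hex values do not match and are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with \

def find_leads(export_text):
    """Return (key, value_name, data, reason) tuples worth a manual look."""
    leads, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        lower_key, lower_data = key.lower(), data.lower()
        if lower_key.endswith(r"\currentversion\run"):
            hits = [n for n in SUSPECT_NAMES if n in lower_data]
            if hits:
                leads.append((key, name, data, "run entry: " + ", ".join(hits)))
        elif r"\services" + "\\" in lower_key and name.lower() == "imagepath":
            if any(h in lower_key or h in lower_data for h in SERVICE_HINTS):
                leads.append((key, name, data, "Serv-U style service"))
    return leads

if __name__ == "__main__":
    for lead in find_leads(SAMPLE_EXPORT):
        print(" | ".join(lead))
```

Point it at a real export by reading the file text and passing it to `find_leads`; exports in the newer "Windows Registry Editor Version 5.00" format are UTF-16 and need to be decoded as such first.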
 
