G
geoff Smith
There is a process running on my PC (XP with service pack 1) called
msreg32.exe.
This process seems to close McAfee VirusScan, I've verified this by
suspending the process with Process Explorer (from
www.sysinternals.com). When the process is suspended I can run a scan -
when msreg32.exe is active VirusScan closes immeadiatly after starting.
(Just discovered it does the same to the AVG virus scan!!)
If I terminate the process msreg32 - after a minute or so it starts it's
self up again.
I did find references to C:\windows\system32\msreg32.exe in the win.ini
file and the registrty (Run service) - which I have now removed... but
the file does not seem to exist anywhere.
I've checked that path (yes; show hidden files and folders is selected
and Hide protected operating system files is unchecked) I've booted into
safe mode and checked again - both from explorer and from a command
prompt - no sign of the file.
VirusScan it's self (when I worked out how to get it running) didn't
detect anything, and niether did Trends Housecall online scan.
After doing all this and re-booting the process just keeps on
appearing!!!
Is it possible for a trojan/virus to completely hide it's self like this
and how the heck do I get rid of it?
Any thought would be appreciated.
msreg32.exe.
This process seems to close McAfee VirusScan, I've verified this by
suspending the process with Process Explorer (from
www.sysinternals.com). When the process is suspended I can run a scan -
when msreg32.exe is active VirusScan closes immeadiatly after starting.
(Just discovered it does the same to the AVG virus scan!!)
If I terminate the process msreg32 - after a minute or so it starts it's
self up again.
I did find references to C:\windows\system32\msreg32.exe in the win.ini
file and the registrty (Run service) - which I have now removed... but
the file does not seem to exist anywhere.
I've checked that path (yes; show hidden files and folders is selected
and Hide protected operating system files is unchecked) I've booted into
safe mode and checked again - both from explorer and from a command
prompt - no sign of the file.
VirusScan it's self (when I worked out how to get it running) didn't
detect anything, and niether did Trends Housecall online scan.
After doing all this and re-booting the process just keeps on
appearing!!!
Is it possible for a trojan/virus to completely hide it's self like this
and how the heck do I get rid of it?
Any thought would be appreciated.