regscan.exe???

Discussion in 'Malware Help (A Specialist Will Reply)' started by Hellfire500, Jul 8, 2006.

  1. Hellfire500

    Hellfire500 Private E-2

    The other day a small blue square suddenly appeared in the left-hand corner of my desktop, and an unknown program called registry scanner requested permission from my firewall to access the net.
    I later noticed a startup file in the task manager called regscan.exe and in the following location: c:\windows\system32\regscan.exe

    I ran full system scans with NAV & spyware doctor but nothing was found.

    According to a number of websites, regscan.exe is something created by various trojans, e.g. the Ilomo or Talex Trojan (the R in regscan is a capital for the Talex).

    Has anyone encountered anything like this or have any idea on how to identify what has made its way into my PC?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Yes! You have W32/Rbot-HA. Here is a list of side effects that it can cause:

    • Allows others to access the computer
    • Steals information
    • Records keystrokes
    • Installs itself in the Registry
    • Exploits system or software vulnerabilities
    • Used in DOS attacks

    If you would like to fix this along with any other malware you may have collected, please follow our standard cleaning procedures, which are necessary for us to provide you support. Also, there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. Hellfire500

    Hellfire500 Private E-2

    Hi

    Could you tell me which antivirus programs can detect this worm? It seems that Norton can't and the only one I can see so far which can is Sophos (which you can't seem to download and is just aimed at businesses). A removal tool would be even better.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you follow the procedures I gave to you, we will remove it when you finish (that is, if the procedures do not remove it, and they probably will not, but Bitdefender does locate these kinds of problems sometimes).


    And supposedly Symantec will remove it too.
     
