Srvpwlog.exe???

Discussion in 'Malware Help (A Specialist Will Reply)' started by Severian77, Aug 11, 2008.

  1. Severian77

    Severian77 Private E-2

    Gentlemen,

    Last Monday, I noticed a file in my System32 folder which I hadn't seen before. It's titled SRVPWLOG.EXE.

    I ran a scan on it, but it came up clean. I couldn't find any info on the net on it, either. So I bravely/foolishly tried to delete it, only to find out it was running. I went into my Task Manager and stopped it, but it still wouldn't allow me to delete it.

    So, I downloaded Spybot and tried the File Shredder. That *kind of* worked, but it replaced the file with two nonsense-name files before my very eyes.

    In short, I've tried Killbox (which wouldn't delete it), Spybot, and CA's Internet Security Plus, none of which have been able to tell me what it is, how it got there, what it does, or how to get rid of it. I found its entry in my registry and took it out, but nothing different there, either.

    My internet is running very slowly, as is my machine in general, I believe. My memory usage seems rather high, too. Something is rotten in the state of Denmark. Can any of you tell me what this might be? Below is my info from HijackThis:

    Logfile of HijackThis v1.98.2
    Scan saved at 10:23:19 PM, on 8/11/2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!


    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.

    Any help would be much appreciated!

    Thanks,

    Severian
     
    Last edited by a moderator: Aug 12, 2008
  2. Severian77

    Severian77 Private E-2

    PS - There's also a fishy-looking .dll file hanging around with it, called WINWPSRV.DLL...

    Severian
     
  3. Severian77

    Severian77 Private E-2

    Yikes!

    Sorry to have posted HijackThis log! I could barely get Firefox to load the page last night, so I didn't see the sticky about HT logs. Since I'm at the office now, I read it to my dismay this morning. I'd edit the log out, but I can't seem to find the function to edit my posts...

    Sorry!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.



    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
