svcnxp32.exe / W32.IRCbot

From: Frank Wheeler (frankwheeler_at_optonline.net)
Date: 09/16/04

Next message: Lawrence Abrams: "Re: svcnxp32.exe / W32.IRCbot"
Previous message: Carolyn: "Can't save files or settings"
Next in thread: Lawrence Abrams: "Re: svcnxp32.exe / W32.IRCbot"
Reply: Lawrence Abrams: "Re: svcnxp32.exe / W32.IRCbot"
Reply: David H. Lipman: "Re: svcnxp32.exe / W32.IRCbot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 16 Sep 2004 16:07:07 GMT

Hi...

My latest Norton AV updates were installed last night, and immediately a
RED WARNING came up that stated that svcnxp32.exe was infected with the
W32.IRCbot, and that access to the file was denied.

I immediately went to the Windows (XP, SP2) System32 folder and
attempted to delete that svcnxp32.exe file, but it would not let me.

I opened the Task Manager, found that the svcnxp32.exe process was
running, and stopped it.

I went to the Symantec site and attempted to follow the instructions for
removal of the W32.IRCbot malicious code, but once into the registry,
the "winapii %windir%\winapii\winapii.exe" value was not in the
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
registry key. A reference to svcnxp32.exe was present, however, and that
was deleted.

Back to WinExplorer to delete the svcnxp32.exe file, without success.

Cannot even shut down that Norton RED WARNING window.

I have now gone through my entire registry deleting all references to
svcnxp32.exe, including two in a "Rule 460" registry key, but not the
entire key/folder.

Google does provide some information at this time, and acting on someone
else's suggestion, I did a search of my wife's machine on our home
network, and while I couldn't find the svcnxp32.exe file anywhere, I did
find two references to it in her registry, both of which were promptly
deleted.

This is very frustrating, of course... and I am stumped as to how to
proceed. I can't delete the damned executable file, can't shut down the
Norton RED WARNING, and have no idea how to proceed or even what sort of
risk I am running.

HELP!

Thank you.

-- 
- Frankly speaking

Next message: Lawrence Abrams: "Re: svcnxp32.exe / W32.IRCbot"
Previous message: Carolyn: "Can't save files or settings"
Next in thread: Lawrence Abrams: "Re: svcnxp32.exe / W32.IRCbot"
Reply: Lawrence Abrams: "Re: svcnxp32.exe / W32.IRCbot"
Reply: David H. Lipman: "Re: svcnxp32.exe / W32.IRCbot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: svcnxp32.exe / W32.IRCbot
... > removal of the W32.IRCbot malicious code, but once into the registry, ... > Cannot even shut down that Norton RED WARNING window. ... > find two references to it in her registry, ...
(microsoft.public.security.virus)
svcnxp32.exe, Part 2
... removal of the W32.IRCbot malicious code, but once into the registry, ... Cannot even shut down that Norton RED WARNING window. ... I have now gone through my entire registry deleting all references to ...
(microsoft.public.windowsupdate)