Re: svcnxp32.exe / W32.IRCbot
From: Lawrence Abrams (grinler-AT=bleepingcomputer.com)
Date: 09/16/04
- Next message: Lawrence Abrams: "Re: VIRUS MHTMLREDIR"
- Previous message: Frank Wheeler: "svcnxp32.exe / W32.IRCbot"
- In reply to: Frank Wheeler: "svcnxp32.exe / W32.IRCbot"
- Next in thread: David H. Lipman: "Re: svcnxp32.exe / W32.IRCbot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 16 Sep 2004 13:33:27 -0400
Download killbox here:
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.
Start Killbox.exe
When it is open, enter c:\windows\system32\ svcnxp32.exe into the field
labeled "Full path of file to delete".
Select the Delete on reboot option.
Then press the button that looks like a red circle with a white X in it.
Your computer will reboot and check to see if the file is gone.
-- Lawrence Abrams http://www.bleepingcomputer.com Source for Original Content, Tutorials, and Support for the beginning computer user. "Frank Wheeler" <frankwheeler@optonline.net> wrote in message news:LSi2d.536$Of4.1943873@news4.srv.hcvlny.cv.net... > Hi... > > My latest Norton AV updates were installed last night, and immediately a > RED WARNING came up that stated that svcnxp32.exe was infected with the > W32.IRCbot, and that access to the file was denied. > > I immediately went to the Windows (XP, SP2) System32 folder and > attempted to delete that svcnxp32.exe file, but it would not let me. > > I opened the Task Manager, found that the svcnxp32.exe process was > running, and stopped it. > > I went to the Symantec site and attempted to follow the instructions for > removal of the W32.IRCbot malicious code, but once into the registry, > the "winapii %windir%\winapii\winapii.exe" value was not in the > "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" > registry key. A reference to svcnxp32.exe was present, however, and that > was deleted. > > Back to WinExplorer to delete the svcnxp32.exe file, without success. > > Cannot even shut down that Norton RED WARNING window. > > I have now gone through my entire registry deleting all references to > svcnxp32.exe, including two in a "Rule 460" registry key, but not the > entire key/folder. > > Google does provide some information at this time, and acting on someone > else's suggestion, I did a search of my wife's machine on our home > network, and while I couldn't find the svcnxp32.exe file anywhere, I did > find two references to it in her registry, both of which were promptly > deleted. > > This is very frustrating, of course... and I am stumped as to how to > proceed. I can't delete the damned executable file, can't shut down the > Norton RED WARNING, and have no idea how to proceed or even what sort of > risk I am running. > > HELP! > > Thank you. > > -- > - Frankly speaking > > >
- Next message: Lawrence Abrams: "Re: VIRUS MHTMLREDIR"
- Previous message: Frank Wheeler: "svcnxp32.exe / W32.IRCbot"
- In reply to: Frank Wheeler: "svcnxp32.exe / W32.IRCbot"
- Next in thread: David H. Lipman: "Re: svcnxp32.exe / W32.IRCbot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
