Are these Trojans?
From: MartynB (anonymous_at_discussions.microsoft.com)
Date: 12/31/04
- Previous message: amcguire: "Re: STILL major issues with POPUP POP BEHINDS and and other garba"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Dec 2004 11:03:27 -0400
I'm running XP Pro SP2 and use AVG free, Spybot, Ad-Aware SE and a-squared
2 new processes have appeared yesterday and are both loaded by registry at
startup as:-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LangSupportEx"="mspmspv.exe"
"IPConfig"="svcxnw32.exe"
and:-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LangSupportEx"="mspmspv.exe"
"IPConfig"="svcxnw32.exe"
Both files are located in C:\WINDOWS\system32\
Properties:-
mspmspv.exe 18.5 KB (18,976 bytes) 30 December 2004, 11:26:14
svcxnw32.exe 18.5 KB (18,976 bytes) 30 December 2004, 18:28:59
According to netstat, the processes are established to the following
addresses using TCP:-
mspmspv.exe:-
17-112.202-68.se.rr.com [68.202.112.17] on port 6667
svcxnw32.exe:-
astound-64-83-195-190.mn.astound.net: [64.83.195.190] on port 6667
I have scanned using all the installed malware/virus scanners mentioned
above but they are not detected. I've also tried a web search but so far no
luck.
Does anyone have any info about these? They look like Trojans to me. How did
they get in?
Martyn
- Previous message: amcguire: "Re: STILL major issues with POPUP POP BEHINDS and and other garba"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
