From: George Hester (firstname.lastname@example.org)
From: "George Hester" <email@example.com>
Date: Tue, 17 Dec 2002 11:12:00 -0500
Actually it is a proprietary name. It's what Trend Micro calls it. And from what I can tell there is not much on it outside of the AV makers.
In my case a reg entry was put in the HKLM Run key; it was a string named TaskReg and had the value w32com.exe. Of course that meant the file was in C:\WINNT\system32 and sure 'nuff it was.
I tried removing the file once but, can you believe it, it came back. Also the reg entry. So I wrote an empty value for that string (left the name) and again removed the file. That seems to have stopped it from appearing of late. Haven't seen it again in about, well, since I posted this.
It's funny too, because if I put just an empty string named TaskReg in HKLM Run, no value, the AV Online Cos say I am infected with this. Try it. Just put an empty string in the HKLM Run key, named as above, and try Trend Micro's Online virus scanner. It will tell you you are infected with this thing.
-- George Hester
__________________________________
"Super_Geek" <RichardFalconer@freenet.co.uk> wrote in message news:Sf15bVATsy$9IwOx@clara.co.uk...
> George Hester <firstname.lastname@example.org> asks:
> >I been trying to consider everything. But no it ain't legit. Nobody else has it
> >and the only person I have seen in the world is a German on a now closed
> >Board. This one has actually been solved. At least it has for now. Thanks
> >though. From what I can gather it is a Malware program called
> >BKDR_TASKREG.A by Trend Micro. Looks like it may have come from a GNU
> >product WinCVS I believe.
> >
>
> Oh well. Well done. Weird sounding name though, 'BKDR_TASKREG'
> Ok.
>
>
> --
> Super_Geek
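
Added example, not part of the original thread: a PowerShell check that separates the three states the message describes (no TaskReg value, a TaskReg name left with empty data, and a TaskReg value or w32com.exe file actually present). It assumes "HKLM Run key" means the standard per-machine autostart key and uses %SystemRoot%\system32 in place of the poster's C:\WINNT\system32; the function name Get-TaskRegState is hypothetical.

```powershell
# Added example. Assumption: "HKLM Run key" in the post is the standard
# per-machine autostart key below.
$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ValueName = 'TaskReg'      # value name reported in the post
$FileName  = 'w32com.exe'   # file name reported in the post

function Get-TaskRegState {
    param([string]$KeyPath = $RunKey)

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop

    # GetValueNames() lists a name even when its data is an empty string,
    # which is the state the poster left the entry in.
    $present = $key.GetValueNames() -contains $ValueName
    $data = if ($present) { [string]$key.GetValue($ValueName) } else { $null }

    # The Run value held only a bare file name; the post found the file in
    # system32, so that is the location checked here.
    $file = Join-Path $env:SystemRoot "system32\$FileName"

    [pscustomobject]@{
        ValuePresent = $present
        ValueData    = $data
        FilePath     = $file
        FileExists   = Test-Path -LiteralPath $file
    }
}

$s = Get-TaskRegState
if (-not $s.ValuePresent -and -not $s.FileExists) {
    'Clean: no TaskReg value and no w32com.exe in system32.'
}
elseif ($s.ValuePresent -and [string]::IsNullOrEmpty($s.ValueData) -and -not $s.FileExists) {
    # Per the post, an online scanner may still report this name-only entry.
    'Name only: TaskReg exists with empty data and the file is absent.'
}
else {
    'Investigate: TaskReg has data or w32com.exe is present.'
    $s | Format-List
}
```

Because the post reports that both the file and the registry entry came back after the first removal, running the check again after a reboot shows whether the cleanup held.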