Re: w32com.exe

From: George Hester (hesterloli@hotmail.com)
Date: 12/30/02


From: "George Hester" <hesterloli@hotmail.com>
Date: Mon, 30 Dec 2002 17:08:27 -0500

servwin.exe is likely just Serv-U renamed. Look in HKLM\Software\Serv-U you likely have that there.

Also look in C:\WINNT\System32\drivers for a file called services.exe. Do Properties you will find it is called fscan. Remove it from there.

Also look in C:\WINNT\system32 for files of type .js. You are looking for:

                 243 run.js
             4,701 sqldir.js
             1,140 sqlexec.js
             4,249 sqlprocess.js
HTH.

This comes from having SQL sa account with null password.

-- 
George Hester
__________________________________
"taco" <d_taco@hotmail.com> wrote in message news:3E10908F.8040905@hotmail.com...
> I have the same file an same socket problems. Today a program 
> servwin.exe is installed and I suppose this is an other thread of the 
> same problem. I could not find serious information on the name 
> "servwin.exe". According the infornation of mcafee on W32/Cblade.worm.gen
> it is SQL server related. I' do have SQL server. More information is 
> welcome.
> 
> 
> 
> George Hester wrote:
> 
> > Anyone really know what this is?  Hunches are fine actually though I'd really like to know and so does someone in Germany.  No AV knows; no Anti-Trojan knows; Google don't know either.  But it exists I have it and causes a socket problem at shutdown.  I suppose I could let it fire up again and be more specific but nah ain't doing that.
> > 
> > 
>