Re: strange process

From: Bob McCoy [MSFT] (bobmccoy_at_online.microsoft.com)
Date: 12/17/04

• Next message: D_at_annyBoy: "Re: Mail merge"
• Previous message: Steve: "Re: Norton Internet Security"
• In reply to: Lanwench [MVP - Exchange]: "Re: strange process"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 16 Dec 2004 18:22:33 -0600

New worm variant ... W32/Forbot-CY
http://www.sophos.com/virusinfo/analyses/w32forbotcy.html

-- 
Bob McCoy
* This posting is provided "AS IS" with no warranties, and confers no
rights.
* Please note I cannot respond to email questions. Please use these
newsgroups.
"Lanwench [MVP - Exchange]" 
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message 
news:uWccx6w4EHA.1596@tk2msftngp13.phx.gbl...
>r wisz wrote:
>> I've been seeing a process running called "navsse.exe" - it's stored
>> in the \system32 folder and is marked read-only.  It shows up in the
>> usual places in the registry (run key, run services key, etc.).
>>
>> It can be deleted from the registry and re-installs itself there
>> prior to being able to rename the file, which I was able to do by
>> starting in safe mode.  File also seems to be network-aware.  Tough
>> file to get rid of, and none of the anti-virus sites or google have
>> anything on it.
>>
>> Has anybody heard of this file, and better, how to kill it?  Thanks
>> very much.
>
> NAV__ sounds like Norton Antivirus. Do you run Norton?
>
> 

---

• Next message: D_at_annyBoy: "Re: Mail merge"
• Previous message: Steve: "Re: Norton Internet Security"
• In reply to: Lanwench [MVP - Exchange]: "Re: strange process"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Startup Application self restores after removal?? ... Partner Pack version, download from here ... Uninstall the core application ... Use RegSeeker or any Registry tool that has a comprehensive Find ... >>>I became disillusioned with Norton Antivirus (conflicts with SoundBlaster ... (microsoft.public.windowsxp.general) Re: cant remove from Add/Remove Programs ... Regedit deleted all the keys referred to Norton Antivirus and Symantec as ... Registry Editor ... While Norton's removal tool usually gets the job done, ... (microsoft.public.windowsxp.help_and_support) strange process ... I've been seeing a process running called "navsse.exe" - it's stored in the ... \system32 folder and is marked read-only. ... the registry (run key, run services key, etc.). ... It can be deleted from the registry and re-installs itself there prior to ... (microsoft.public.security) Re: restore registry? ... services key, then import. ... Troubleshooting Windows XP ... > Okay I did a registry export and now I want to restore the registry so I ... Prev by Date: ... (microsoft.public.windowsxp.general) Re: strange process ... > in the \system32 folder and is marked read-only. ... > It can be deleted from the registry and re-installs itself there ... NAV__ sounds like Norton Antivirus. ... (microsoft.public.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2004-12